Many companies strive to extend their data centers to the cloud to take advantage of the cloud providers’ enormous resource capacities. For some this is a short-term expansion due to business peak seasons, for others, it is a permanent need. Regardless, they would want to maintain the privacy and security that their private clouds and data centers provide. This means they would like to avoid exposure to the public internet as much as possible. In this video, we will discuss hybrid and cross-premises cloud concepts and how Azure’s private networks provide network isolation on the Azure cloud. In this video, we will help a fictitious Acme Corporation set up a private Kubernetes AKS cluster in Azure without exposing the API server or Kubernetes services’ DNS name/IP addresses. We will introduce the “Azure Kubernetes Service cluster with API Server VNet Integration” and VPN gateways to achieve our task. We will also discuss some of Azure's fundamental concepts such as tenants, subscriptions, resource groups, and management groups.
Lab's prerequisite:
- An Azure subscription. You can get a free 30 day trial license @ azure.microsoft.com
- Bicep VS extension tools @ learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/install
- VPN Client Entra ID Auth:
Configure a P2S VPN gateway for Microsoft Entra ID (Sections: “Prerequisites”, “Create Microsoft Entra tenant users”, and “Authorize the Azure VPN application” @
authenticationlearn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
OR:
- VPN Client Cert Auth:
Configure server settings for P2S VPN Gateway connections - certificate authentication - Azure portal @ learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
Point-to-site VPN client configuration workflow: Certificate authentication - Windows @ learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert- windows
- VPN Client app:
Windows: @ apps.microsoft.com/detail/9np355qt2sqb?hl=en-US&gl=US
Mac: @ apps.apple.com/us/app/azure-vpn-client/id1553936137?mt=12
My other videos:
►Workload Identity Part 2: How Cilium Implements Its Mutual Auth Leveraging SPIFFE and SPIRE:
kzbin.info/www/bejne/hWSmanlpipx0jJo
►Workload Identity part 2: How Cilium Implements Its Mutual Auth Leveraging SPIFFE and SPIRE
Workload Identity Part 1: Introduction to SPIFFE and SPIRE - KZbin
► Encrypt Client Communication to Kubernetes Services Leveraging Cert-Manage and Let’s Encrypt
kzbin.info/www/bejne/pomod42PoZd6q5I
►Kubernetes Security, Part 4: Kubernetes Authentication (Part B: Open ID Connect Auth)
kzbin.info/www/bejne/g2qucnWfmcSmebs
►Kubernetes Security, Part 3: Kubernetes Auth (Part A: Overview and X509 Client Certificate auth)
kzbin.info/www/bejne/jYvZgXylit54qK8
►Kubernetes Security, Part 2: Managing POD Run Time Security
kzbin.info/www/bejne/hH-oaqqeeLmjZsk
► Istio Ambient Service Mesh
kzbin.info/www/bejne/jYGvh6mthax9rNk
► Kubernetes Security, Part 1: Kubernetes Security Overview and Role Based Access Control (RBAC) in Detail
kzbin.info/www/bejne/h6jOmqtvr52srbc
► Cilium Service Mesh
kzbin.info/www/bejne/Y6CZdmuYjs9grtk
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
kzbin.info/www/bejne/oGPEoKttgJJqrbc
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
kzbin.info/www/bejne/nZzVgadmj8h2nNE
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
kzbin.info/www/bejne/a3bGh6WjZZald7c
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process kzbin.info/www/bejne/l33UZIJpoZd_fJY
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
kzbin.info/www/bejne/jX6vhHdorpd8nZY
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
kzbin.info/www/bejne/Z6XKopewaNGqY80
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
kzbin.info/www/bejne/nKXbqYJpbZZglbM
► Sharing Resources between Windows and Linux:
kzbin.info/www/bejne/g6uriWmbitGNnNU
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
kzbin.info/www/bejne/opy7faZ6a5JnoKM
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
kzbin.info/www/bejne/o5vGf3yXh6l0qcU
►Configuring and Managing Storage in Kubernetes:
kzbin.info/www/bejne/i2KUip2Xh9t2mpY
► Istio Service Mesh - Securing Kubernetes Workloads:
kzbin.info/www/bejne/fXe7m5-Gd9isoa8
► Istio Service Mesh - Intro
kzbin.info/www/bejne/rpCrg59jes2pmJo
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
kzbin.info/www/bejne/qamlamCqmZZgfJo
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
kzbin.info/www/bejne/rJvLcmyKf7yqY80
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
kzbin.info/www/bejne/eIvOY3uLgNird7M
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in depth:
kzbin.info/www/bejne/rIDSkJJpfNasrq8