Courses Solutions Case Studies & Testimonials News & Insights About Us Contact Us
Public Sector Graduate Training Schemes Learning & Development Corporate & Volume Pricing Custom Learning Paths

Public Sector

We've had the pleasure of working with UK and overseas central and local government departments, including Healthcare (NHS and Foundation Trusts), Defence, Education (Universities and colleges), many of the main Civil Service departments, Emergency Services; also public-owned corporations including the BBC, Bank of England, Ordnance Survey, and regulatory bodies such as Ofgem.

We are registered on Crown Commercial Service’s (CCS) Dynamic Purchasing System (RM6219 Training and Learning) and also with numerous tender portals such as Ariba, Coupa and Delta E-Sourcing.

Read more...

Graduate Training Schemes

Framework Training has a strong track record of providing a solid introduction into the working world for technical graduates across myriad industries. We provide the opportunity to learn and gain valuable hands-on experience in a supportive, friendly and sociable training environment.

Attract & retain the brightest new starters

We know it is vital for our clients to invest in the future of their talented grads; not only to provide them with high-quality, professional training essential for their roles, but to embed them within the organisation’s culture and guide them on the right path to a successful career.

After all, your new hires could well be the next leaders and their creative ideas and unique insights are invaluable to your business.

Read more ...

Learning & Development

Our unique portfolio of high-quality technical courses and training programmes are industry-respected. They’re carefully designed so that delegates can seamlessly apply what they’ve learnt back in the workplace. Our team of domain experts, trainers, and support teams know our field — and all things tech — inside out, and we work hard to keep ourselves up to speed with the latest innovations. 

We’re proud to develop and deliver innovative learning solutions that actually work and make a tangible difference to your people and your business, driving through positive lasting change. Our training courses and programmes are human-centred. Everything we do is underpinned by our commitment to continuous improvement and learning and generally making things much better.

Read more...

Corporate & Volume Pricing

Whether you are looking to book multiple places on public scheduled courses (attended remotely or in our training centres in London) or planning private courses for a team within your organisation, we will be happy to discuss preferential pricing which maximise your staff education budget.

Enquire today about:

  • Training programme pricing models  

  • Multi-course voucher schemes

Read more...

Custom Learning Paths

We understand that your team training needs don't always fit into a "one size fits all" mould, and we're very happy to explore ways in which we can tailor a bespoke learning path to fit your learning needs.

Find out about how we can customise everything from short overviews, intensive workshops, and wider training programmes that give you coverage of the most relevant topics based on what your staff need to excel in their roles.

Read more...

Securing Azure Kubernetes Service

Confidently secure AKS clusters and their workloads through hands-on exercises exploring Azure's built-in features and best practices.

About the course

Kubernetes is a powerful tool, but its complexity can quickly lead to security misconfigurations if not managed carefully. In many organisations, dedicated platform or security teams are not always available, and the responsibility for securing Kubernetes clusters often falls to development teams. Unfortunately, even small configuration mistakes can have devastating effects on the security posture of your cluster and its workloads.

This practical, hands-on training is specifically designed to help developers who may not have deep K8s or Linux security expertise. You'll learn to effectively use existing Azure and Azure Kubernetes Service (AKS) features to keep your AKS clusters secure. Through instructor-led demonstrations, discussions, and hands-on labs, you'll gain the essential skills to protect your applications, manage identities, secure your network, and enforce compliance, ensuring your deployments are robust and resilient.

Instructor-led online and in-house face-to-face options are available - as part of a wider customised training programme, or as a standalone workshop, on-site at your offices or at one of many flexible meeting spaces in the UK and around the World.

    • 1. Implement AKS Authentication & Authorisation: Configure and manage different authentication and authorisation modes for an AKS cluster, including Entra ID integration.
    • 2. Secure Applications with Entra Workload ID: Utilise Entra Workload ID to provide secure, secret-less access for applications to Azure resources.
    • 3. Configure Private AKS Clusters: Provision and manage private AKS clusters to significantly enhance network security and control access.
    • 4. Secure the Image Supply Chain: Set up and manage a private Azure Container Registry (ACR) with private endpoints to ensure a secure container image supply chain.
    • 5. Build Secure CI/CD Pipelines for AKS: Configure CI/CD pipelines to securely deploy applications to private AKS clusters and pull images from private registries.
    • 6. Manage Application Secrets Securely: Implement the Key Vault Secrets Provider extension to securely mount and manage application secrets within AKS pods.
    • 7. Enforce Security Standards with Azure Policy: Use Azure Policy to define and enforce security standards and compliance across AKS clusters.
    • 8. Identify Additional AKS Security Features: Recognise and understand the purpose of other advanced security features for AKS, such as Azure Linux and Image Signing.

  • This training is ideal for:

    • Developers who are managing their own AKS clusters.

    • DevOps Engineers and SREs responsible for deploying and managing applications on AKS.

    • Cloud Security Engineers looking to enhance their knowledge of container security.

    • System Administrators who are new to AKS and want to build a secure foundation.

  • You will get the most out of this course if you have some prior experience with key Azure and Kubernetes concepts:

    • Basic understanding of Kubernetes concepts: Familiarity with fundamental Kubernetes primitives such as Pods, Deployments, and Services.

    • Familiarity with the Azure platform: Basic knowledge of Azure concepts and managing Azure resources.

  • This AKS security course is available for private / custom delivery for your team - as an in-house face-to-face workshop at your location of choice, or as online instructor-led training via MS Teams (or your own preferred platform).

    Get in touch to find out how we can deliver tailored training which focuses on your project requirements and learning goals.

  • Day 1: Identity, Access & Network Security

    Module 1: Authentication and Authorisation in AKS

    • Overview: Understanding the critical difference between authentication and authorisation in Kubernetes.

    • Hands-On Lab: Configuring Entra ID (formerly Azure AD) integration for an AKS cluster to manage user access.

    • Demo: Illustrating the risks of misconfiguring authentication/authorisation by accessing a public AKS cluster using a user's Entra ID credentials.

    • Discussion: Deep dive into various RBAC (Role-Based Access Control) options for granular control over cluster resources.

    Module 2: Entra Workload ID for Secret-less Access

    • The Problem with Secrets: Why storing secrets directly in applications or configuration files poses a significant security risk.

    • Introduction to Entra Workload ID: How this feature provides secure, secret-less access for applications to Azure resources using federated identities.

    • Hands-On Lab: Configuring Entra Workload ID for a sample application deployed on AKS.

    • Demo: Observing an application on AKS successfully accessing an Azure resource (e.g., Azure SQL Database) using its federated identity without hardcoded credentials.

    Module 3: Private AKS Clusters for Enhanced Network Security

    • The Anatomy of a Private Cluster: Understanding the network architecture of a private AKS cluster, including its private endpoint and control plane isolation.

    • Hands-On Lab: Provisioning a private AKS cluster and exploring various secure methods to access its API server.

    • Discussion: Analysing the trade-offs and decision criteria for choosing between a private cluster and a public cluster.

    Module 4: Private Azure Container Registry (ACR)

    • Securing Image Repositories: The imperative of using a private container registry for a secure software supply chain.

    • Hands-On Lab: Setting up a private ACR and configuring a private endpoint for it to ensure secure image pulling.

    • Demo: Deploying an application to AKS, demonstrating the secure image pull from a privately connected ACR.

    Day 2: Secret Management, Policy & Advanced Hardening

    Module 5: CI/CD with Private ACR and AKS

    • The Challenge of Private Endpoints in CI/CD: Understanding why standard CI/CD agents often cannot reach private clusters or private registries.

    • Solutions for Secure Pipelines: Exploring strategies like using self-hosted agents within the Virtual Network (VNet) or Managed DevOps Pools.

    • Hands-On Lab: Setting up Managed DevOps Pools for Azure DevOps (or self-hosted agents on Azure VMs) to enable private connectivity.

    • Demo: Running an end-to-end deployment pipeline that securely pulls container images from a private ACR and deploys them to a private AKS cluster.

    Module 6: Secret Management with Key Vault Secrets Provider Extension

    • Introduction to Key Vault Secrets Provider: A deep dive into how this AKS extension allows applications to securely access secrets stored in Azure Key Vault.

    • Hands-On Lab: Installing and configuring the Key Vault Secrets Provider on an AKS cluster.

    • Demo: Demonstrating how the extension mounts secrets from Azure Key Vault directly into an application's pod as files or environment variables.

    Module 7: Azure Policy for AKS Governance

    • What is Azure Policy for AKS? Understanding its role in enforcing security, compliance, and governance standards at the cluster level.

    • Hands-On Lab: Implementing a built-in Azure Policy to block unsecure image deployments (e.g., images from untrusted registries or without specific tags).

    • Demo: Creating and applying a custom Azure Policy to enforce specific security requirements relevant to the organisation's needs.

    Module 8: Introduction to Additional Security Features

    • Overview: A brief introduction to other crucial security features for further exploration and continuous hardening.

    • Features:

      • Azure Linux: Understanding the security benefits of using a hardened, optimised Linux distribution for AKS nodes.

      • AKS Automatic: How this feature simplifies cluster management and helps keep components up-to-date with the latest security patches.

      • Image Signing and Image Integrity Checks: A look into how to use content trust to ensure the integrity and authenticity of container images throughout the supply chain.

      • Pod Security Context: How to define privileged and unprivileged settings for a pod to enhance its security posture and restrict capabilities.

    • Q&A and Next Steps: Open discussion and resources for continued learning in AKS security.

Trusted by

OVO Energy company logo CAPITA company logo BBC logo AMEC company logo

Public Courses Dates and Rates

Please get in touch for pricing and availability.

Related courses