Read this blog aloud:
The cloud-native landscape moves fast. Between the evolution of Kubernetes networking, the rise of distributed application orchestration, and the ever-present need for bulletproof security, staying ahead of the curve is a full-time job.
At Framework Training, we have been listening to the challenges our clients are facing in the field. To help your team navigate these complexities, we are thrilled to announce three brand-new, intensive training courses .designed to help teams harden Kubernetes security, master the new Gateway API, and simplify distributed development with Aspire.
Whether you are a .NET developer looking for better orchestration or a DevOps engineer hardening your K8s clusters, these courses are built to be hands-on, practical, and immediately applicable.
1. Azure Kubernetes Service Security for Developers: Building Secure Cloud-Native Applications
Security can’t be an afterthought. However, many companies don’t have dedicated infrastructure or platform teams to manage their AKS clusters. This often leaves development teams managing clusters without specialized platform support. The result? A cluster that works, but remains vulnerable to attack.
This 2-day intensive course is built specifically for developers and architects who need a "security-first" approach to AKS. We skip the basics of Kubernetes and dive straight into the Azure-native features that protect your workloads.
The course will discuss the following topics:
AKS Authentication and Authorization: AKS offers three different authentication modes. The course will introduce all the advantages and disadvantages and will also give recommendations which one you should choose for your AKS cluster.
Entra Workload ID: Azure introduced the concept of managed identities many years ago. These identities allow you to configure permissions without the need of password. By using managed identities, you eliminate the need to store or rotate sensitive credentials manually, significantly reducing your attack surface. Entra Workload ID extends the concept of managed identities inside your AKS cluster allowing you applications inside the cluster to also use managed identities to access other Azure resources in a secure and easy way.
Private AKS Cluster: Azure services are usually available from the internet by default. This is great if you want to access the services quickly but the downside is that bad actors also get the chance to try to break into your environment. Configuring your cluster as private disables the public access and helps to keep your cluster secure. This course also introduces all the components involved in the process such as Private Endpoints and private DNS-Zones as well as highlighting options to enable the developer team to access the cluster even without the public access enabled.
Private Azure Container Registry (ACR): While an Azure Container Registry is not part of an AKS cluster directly, they are still closely linked. Therefore, it is recommended to switch to a private ACR after you made the switch to a private AKS cluster. Therefore, all your services are not publicly accessible anymore which reduces the attack surfaces greatly.
Deployments and private resources: Deployments with agents which connect over the internet, such as Microsoft hosted Azure DevOps Agents or GitHub Runner, to the resources won’t work with private resources. The course shows different options how to implement automated deployments while keeping all resources private.
Azure Key Vault Integration: Many secrets can be replaced with managed identities but some, such as third-party API keys, may still be needed for your application. Secrets and other credentials can be stored securely in an Azure Key Vault and then synchronized with the AKS cluster.
This course will offer theory blocks, practical demos and practice time for the attendees for each topic.
View Course Details & Book Here
2. Aspire: Simplifying Distributed Application Development
Modern applications are distributed by nature, but managing that complexity is often a headache. This is where Aspire comes to play. This course explores the new opinionated, cloud-ready stack for building observable and production-ready distributed applications.
Aspire streamlines distributed systems by automating local environment setup. It provides out-of-the-box observability, including logging, metrics, and tracing, via a built-in dashboard. Additionally, Aspire can help your team to quickly deploy the application to an Azure Container App using the built-in Azure Developer CLI.
This 1-day course will discuss the following topics:
Aspire setup for new projects: The first part of this course will create a new .NET demo application and add Aspire to it. This allows attendees to get some hands-on experience quickly and gives a good overview of the features such as the built-in observability pipeline and the dashboard.
Configure local environments with Aspire: Modern software projects often have many different components that need to be coordinated such as a frontend, backend, cache, database, event hub, etc. Many teams use Docker and Docker-Compose to help with the setup of the entire environment but Aspire removes the need for Docker-Compose files and allows for an even easier setup of your local environment.
Aspire setup for existing projects: Most development teams work with existing projects. Therefore, the second part of this course will explain how you can add Aspire to your existing project and take advantage of all its features.
Deploy your project to Azure: The built-in Azure Developer CLI allows you to quickly and easily deploy your entire project to an Azure Container App. The CLI offers a deployment wizard for some basic information and then takes care of everything else. This enables developers to deploy their project with limited Azure know-how. Aspire creates a new Azure Container App, configures it that all dependencies can connect to each other, creates a TLS certificate for a secure HTTPs connection and also creates the dashboard. The dashboard is only accessible after you logged in, ensuring that your data stays private and secure.
Aspire supports many programming languages such as C#, Java, JavaScript, Python, Go, and Typescript. This course will use C# and the newest version of .NET.
View Course Details & Book Here
3. Mastering the Kubernetes Gateway API: Modern Traffic Management
The Kubernetes Ingress API served us well, but modern microservices demand more flexibility, better role separation, and improved cross-namespace support. This intensive two-day course introduces the Kubernetes Gateway API, the successor to Ingress designed for modularity, role separation and easily extensible for new applications.
The course will discuss the following topics:
Ingress vs. Gateway API: The introduction will compare Ingress and Gateway API. While Gateway API can be seen as Ingress version 2 and offers many great improvements, there are still valid uses cases for Ingress.
Install a Gateway API Controller: A Gateway API controller can be installed either inside the cluster or in Azure. In-cluster Gateway API controller such as Nginx, Traefik or Envoy can be used to quickly setup the Gateway API and introduce all components of the Gateway API. The setup in Azure, called Azure Application Gateways for Containers offers additional features but comes at the cost of more complexity and operation costs.
Traffic Control: Using the Gateway API gives developers and administrators granular control over the flow of requests. This course will teach you how to configure the routing of requests based on the URL, path, queries or headers. Additionally, attendees will learn how to implement canary and A-B deployments.
Automating security with HTTPs: Using the Kubernetes resources Cert-Manager and Cert-Issuer in combination with the Gateway API enables the operators of the Kubernetes cluster to automatically create TLS certificates to enable HTTPs for your applications. Once set up, the process automatically creates new certificates and renews then as well before they expire. The training will show how to setup all the resources and configure also wildcard certificates as well as the secure connection to an Azure DNS-Zone.
Pull Request Deployments: Combining everything learned in this course gives your team incredible flexibility. Imagine triggering a fully automated deployment for every pull request, complete with its own TLS certificate and unique URL. This allows the developers to gather feedback in a production-like environment before a single line of code is merged. Once the PR is approved and closed, the system automatically cleans up all temporary resources to keep your cluster lean.
Azure Application Gateway for Containers (AGC): AGC is an Azure service that creates the Gateway API inside an AKS cluster. This service also processes requests outside of your cluster, therefore, lowering the resources needed for the cluster and as a result also lowering the cost of your AKS cluster. AGC offers additional features such as an integration with a Web Application Firewall (WAF). Attendees will learn how to install AGC and then gain hands-on experience with all the components of the Gateway API.
This training can be conducted as a 2 or 3-day course and the content can be tailored to specific requirements and project needs.
View Course Details & Book Here
Ready to upskill your team?
All courses are led by recognized industry experts and can be tailored to individual needs. Contact us and we are happy to create a perfectly fitting course for your requireme