Secure DevOps for AKS


This article is a solution idea. If you'd like us to expand the content with more information, such as potential use cases, alternative services, implementation considerations, or pricing guidance, let us know by providing GitHub feedback.

DevOps and Kubernetes are better together. By implementing secure DevOps together with Kubernetes on Azure, you can achieve the balance between speed and security and deliver code faster, at scale.

Potential use cases

Put guardrails around the development process by using CI/CD with dynamic policy controls, and then accelerate your feedback loop with constant monitoring. Use Azure Pipelines to deliver fast while Azure Policy enforces your critical policies. Azure provides real-time observability for your build and release pipelines, and lets you apply compliance audits and reconfigurations easily.


Architecture diagram: the inner loop and source code flow through CI/CD pipelines to a Helm chart and Azure Container Registry, and from there to the AKS production cluster.


  1. Developers rapidly iterate, test, and debug different parts of an application together in the same Kubernetes cluster.
  2. Code is merged into a GitHub repository, after which Azure Pipelines runs automated builds and tests.
  3. The release pipeline automatically executes a predefined deployment strategy with each code change.
  4. Kubernetes clusters are provisioned by using tools like Helm charts, which define the desired state of app resources and configurations.
  5. The container image is pushed to Azure Container Registry.
  6. Cluster operators define policies in Azure Policy to govern deployments to the AKS cluster.
  7. Azure Policy audits requests from the pipeline at the AKS control-plane level.
  8. App telemetry, container health monitoring, and real-time log analytics are obtained by using Azure Monitor.
  9. Insights are used to address issues and are fed into the next sprint plans.
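The pipeline half of this workflow (steps 2 through 5), as an added Azure Pipelines example that is not from the original article: it builds and tests on merge, pushes an immutably tagged image to Azure Container Registry, and deploys the Helm chart to AKS, where a deny-effect Azure Policy assignment (step 7) rejects a non-compliant manifest at admission and fails the deploy task. The service connection, resource group, cluster, chart path and `sample-app` names are assumptions.

```yaml
# Added example, not part of the original article. Values in <...> and
# the name sample-app are assumptions; replace them with your own.
trigger:
  branches:
    include: [main]

variables:
  acrServiceConnection: '<acr-service-connection>'   # Docker registry service connection to ACR
  azureServiceConnection: '<arm-service-connection>' # Azure Resource Manager service connection
  imageRepository: 'sample-app'
  resourceGroup: '<aks-resource-group>'
  aksCluster: '<aks-cluster-name>'

stages:
- stage: Build
  jobs:
  - job: BuildAndPush
    pool: { vmImage: 'ubuntu-latest' }
    steps:
    - script: npm ci && npm test          # unit tests gate the build; adjust to your stack
      displayName: 'Run tests'
    - task: Docker@2                      # push to ACR; Defender for Cloud scans the pushed image
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: 'Dockerfile'
        containerRegistry: $(acrServiceConnection)
        tags: $(Build.SourceVersion)      # immutable tag (commit SHA) rather than "latest"

- stage: Deploy
  dependsOn: Build
  jobs:
  - deployment: DeployToAks
    environment: 'production'             # approvals and checks on the environment act as a guardrail
    pool: { vmImage: 'ubuntu-latest' }
    strategy:
      runOnce:
        deploy:
          steps:
          - checkout: self                # deployment jobs do not check out sources by default
          - task: HelmDeploy@0            # desired state lives in the chart; only the image tag is overridden
            inputs:
              connectionType: 'Azure Resource Manager'
              azureSubscription: $(azureServiceConnection)
              azureResourceGroup: $(resourceGroup)
              kubernetesCluster: $(aksCluster)
              namespace: 'sample-app'
              command: upgrade
              chartType: FilePath
              chartPath: 'charts/sample-app'
              releaseName: 'sample-app'
              install: true
              overrideValues: 'image.tag=$(Build.SourceVersion)'
```

If a policy with a deny effect blocks a resource in the chart, `helm upgrade` returns the admission error and the stage fails, so the violation surfaces in the pipeline run rather than silently in the cluster.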


  • GitHub Enterprise hosts the source code, where developers can collaborate within your organization and with open-source communities. GitHub Enterprise offers advanced security features to identify vulnerabilities in the code you write and in open-source dependencies.
  • Azure Pipelines is a service that provides Continuous Integration and Continuous Delivery jobs to build and release your application automatically.
  • Azure Container Registry hosts your Docker container images. This service includes container image scanning through its integration with Microsoft Defender for Cloud.
  • Azure Kubernetes Service offers a Kubernetes cluster that is fully managed by Azure to ensure the availability and security of your infrastructure.
  • Azure Policy lets you create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. It integrates with Azure Kubernetes Service too.
  • Azure Monitor lets you get insights into the availability and performance of your application and infrastructure. It also gives you access to signals to monitor your solution's health and spot abnormal activity early.


This article is maintained by Microsoft. It was originally written by the following contributors.

Principal author:

Next steps

See the related architectures: