Episode
FastTrack for Azure Season 1 Ep01: AKS Security Best Practices
with Colin Cole, Sonalika Roy, Jamal Brown
Kubernetes is the most important application hosting technology in the market today and understanding how to secure this platform is critical to success. This session will walk through the most important aspects of securing the platform from each angle. Note, the session will not cover application identity of cluster hosted apps hosted on the cluster but will instead focus on the Azure infrastructural and Kubernetes aspects of the cluster itself.
Learning objectives
- Cluster Level concerns (API Server, Node Security, Authentication, Upgrades, Azure Defender for Containers)
- Network concerns (Network Security, Network Policy, Egress Security)
- Developer/Configuration concerns (Container Security, Azure Policy, Workload Identity)
- Image Management concerns (Image Scanning).
Chapters
- 00:00 - Welcome and Introductions
- 03:15 - Learning Objectives
- 04:00 - Enabling Private Clusters and Additional Considerations
- 06:25 - Baseline Architecture for AKS Cluster Reference Architecture
- 07:00 - Securing Public Clusters
- 08:35 - Integrating Azure Active Directory and RBAC Considerations
- 12:55 - Integration with Azure Container Registry via Managed Identities
- 15:00 - Monitoring with Container Insights, Enabling Logging and Demo
- 22:50 - Protecting Cluster Subnet with Network Security Groups
- 25:50 - Defender for Containers Overview
- 35:50 - Enabling Azure Policy to Enforce Organizational Standards
- 43:10 - Enabling Private Link to Connect to Azure Resources Privately
- 47:00 - Securing Pod Traffic with Network Policies
- 51:50 - Securing Public Traffic
- 54:39 - Outbound/Egress Traffic Security
- 57:50 - Protecting Sensitive Data with Host Based Encryption and Azure KeyVault
- 01:02:30 - Securely Connect to Resources at the Pod Level
- 01:08:46 - Image Scanning with Microsoft Defender
- 01:12:10 - Container Registry Security
- 01:14:06 - Upgrading and Security Patching Node Pools Overview
- 01:20:40 - Summary and Closing
Recommended resources
Related episodes
- Full series: Learn Live: FastTrack for Azure Season 1
Connect
- Colin Cole | LinkedIn: /in/colinco
- Sonalika Roy | LinkedIn: in/sonalika-roy-27138319
- Jamal Brown | LinkedIn: in/jtbrown95138
Kubernetes is the most important application hosting technology in the market today and understanding how to secure this platform is critical to success. This session will walk through the most important aspects of securing the platform from each angle. Note, the session will not cover application identity of cluster hosted apps hosted on the cluster but will instead focus on the Azure infrastructural and Kubernetes aspects of the cluster itself.
Learning objectives
- Cluster Level concerns (API Server, Node Security, Authentication, Upgrades, Azure Defender for Containers)
- Network concerns (Network Security, Network Policy, Egress Security)
- Developer/Configuration concerns (Container Security, Azure Policy, Workload Identity)
- Image Management concerns (Image Scanning).
Chapters
- 00:00 - Welcome and Introductions
- 03:15 - Learning Objectives
- 04:00 - Enabling Private Clusters and Additional Considerations
- 06:25 - Baseline Architecture for AKS Cluster Reference Architecture
- 07:00 - Securing Public Clusters
- 08:35 - Integrating Azure Active Directory and RBAC Considerations
- 12:55 - Integration with Azure Container Registry via Managed Identities
- 15:00 - Monitoring with Container Insights, Enabling Logging and Demo
- 22:50 - Protecting Cluster Subnet with Network Security Groups
- 25:50 - Defender for Containers Overview
- 35:50 - Enabling Azure Policy to Enforce Organizational Standards
- 43:10 - Enabling Private Link to Connect to Azure Resources Privately
- 47:00 - Securing Pod Traffic with Network Policies
- 51:50 - Securing Public Traffic
- 54:39 - Outbound/Egress Traffic Security
- 57:50 - Protecting Sensitive Data with Host Based Encryption and Azure KeyVault
- 01:02:30 - Securely Connect to Resources at the Pod Level
- 01:08:46 - Image Scanning with Microsoft Defender
- 01:12:10 - Container Registry Security
- 01:14:06 - Upgrading and Security Patching Node Pools Overview
- 01:20:40 - Summary and Closing
Recommended resources
Related episodes
- Full series: Learn Live: FastTrack for Azure Season 1
Connect
- Colin Cole | LinkedIn: /in/colinco
- Sonalika Roy | LinkedIn: in/sonalika-roy-27138319
- Jamal Brown | LinkedIn: in/jtbrown95138
Have feedback? Submit an issue here.