Learn Live - AKS Security Best Practices

  • Added 23. 07. 2024
  • Full series information: aka.ms/learnlive-fasttrack-azure
    More info here: aka.ms/learnlive-fasttrack-az...
    Follow on Microsoft Learn:
    - Session content: aka.ms/learnlive-20220913A
    Kubernetes is the most important application hosting technology in the market today, and understanding how to secure this platform is critical to success. This session will walk through the most important aspects of securing the platform from each angle. Note that the session will not cover application identity for apps hosted on the cluster, but will instead focus on the Azure infrastructural and Kubernetes aspects of the cluster itself.
    ---------------------
    Learning objectives
    - Cluster Level concerns (API Server, Node Security, Authentication, Upgrades, Azure Defender for Containers)
    - Network concerns (Network Security, Network Policy, Egress Security)
    - Developer/Configuration concerns (Container Security, Azure Policy, Workload Identity)
    - Image Management concerns (Image Scanning)
    ---------------------
    Chapters
    --------
    00:00 - Welcome and Introductions
    03:20 - Learning Objectives
    04:05 - Enabling Private Clusters and Additional Considerations
    06:30 - Baseline Architecture for AKS Cluster Reference Architecture
    07:05 - Securing Public Clusters
    08:40 - Integrating Azure Active Directory and RBAC Considerations
    13:00 - Integration with Azure Container Registry via Managed Identities
    15:05 - Monitoring with Container Insights, Enabling Logging and Demo
    22:55 - Protecting Cluster Subnet with Network Security Groups
    25:55 - Defender for Containers Overview
    35:55 - Enabling Azure Policy to Enforce Organizational Standards
    43:15 - Enabling Private Link to Connect to Azure Resources Privately
    47:05 - Securing Pod Traffic with Network Policies
    51:55 - Securing Public Traffic
    54:44 - Outbound/Egress Traffic Security
    57:55 - Protecting Sensitive Data with Host Based Encryption and Azure KeyVault
    1:02:35 - Securely Connect to Resources at the Pod Level
    1:08:51 - Image Scanning with Microsoft Defender
    1:12:15 - Container Registry Security
    1:14:11 - Upgrading and Security Patching Node Pools Overview
    1:20:45 - Summary and Closing
    ---------------------
    Presenters
    Colin Cole
    Principal Engineering Manager, FastTrack for Azure
    Microsoft
    - LinkedIn: / colinco
    Sonalika Roy
    Senior Engineer, FastTrack for Azure
    Microsoft
    - LinkedIn: / sonalika-roy-27138319
    Moderators
    Jamal Brown
    Azure Cloud Engineer - AppDev
    Microsoft
    - LinkedIn: / jtbrown95138
  • Science and technology
