Learn Live - AKS Security Best Practices
Full series information: https://aka.ms/learnlive-fasttrack-azure
More info here: https://aka.ms/learnlive-fasttrack-az...
Follow on Microsoft Learn:

Kubernetes is the most important application hosting technology in the market today, and understanding how to secure this platform is critical to success. This session will walk through the most important aspects of securing the platform from each angle. Note that the session will not cover application identity for apps hosted on the cluster but will instead focus on the Azure infrastructure and Kubernetes aspects of the cluster itself.

---------------------
Learning objectives
  • Cluster Level concerns (API Server, Node Security, Authentication, Upgrades, Azure Defender for Containers)
  • Network concerns (Network Security, Network Policy, Egress Security)
  • Developer/Configuration concerns (Container Security, Azure Policy, Workload Identity)
  • Image Management concerns (Image Scanning).
---------------------
Chapters
--------
00:00 - Welcome and Introductions
03:20 - Learning Objectives
04:05 - Enabling Private Clusters and Additional Considerations
06:30 - Baseline Architecture for AKS Cluster Reference Architecture
07:05 - Securing Public Clusters
08:40 - Integrating Azure Active Directory and RBAC Considerations
13:00 - Integration with Azure Container Registry via Managed Identities
15:05 - Monitoring with Container Insights, Enabling Logging and Demo
22:55 - Protecting Cluster Subnet with Network Security Groups
25:55 - Defender for Containers Overview
35:55 - Enabling Azure Policy to Enforce Organizational Standards
43:15 - Enabling Private Link to Connect to Azure Resources Privately
47:05 - Securing Pod Traffic with Network Policies
51:55 - Securing Public Traffic
54:44 - Outbound/Egress Traffic Security
57:55 - Protecting Sensitive Data with Host Based Encryption and Azure KeyVault
1:02:35 - Securely Connect to Resources at the Pod Level
1:08:51 - Image Scanning with Microsoft Defender
1:12:15 - Container Registry Security
1:14:11 - Upgrading and Security Patching Node Pools Overview
1:20:45 - Summary and Closing

---------------------
Presenters
  • Colin Cole, Principal Engineering Manager, FastTrack for Azure, Microsoft
  • Sonalika Roy, Senior Engineer, FastTrack for Azure, Microsoft

Moderators
  • Jamal Brown, Azure Cloud Engineer - AppDev, Microsoft

Microsoft Developer
