Book Image

Hands-on Kubernetes on Azure, Third Edition - Third Edition

By : Nills Franssens, Shivakumar Gopalakrishnan, Gunther Lenz
Book Image

Hands-on Kubernetes on Azure, Third Edition - Third Edition

By: Nills Franssens, Shivakumar Gopalakrishnan, Gunther Lenz

Overview of this book

Containers and Kubernetes containers facilitate cloud deployments and application development by enabling efficient versioning with improved security and portability. With updated chapters on role-based access control, pod identity, storing secrets, and network security in AKS, this third edition begins by introducing you to containers, Kubernetes, and Azure Kubernetes Service (AKS), and guides you through deploying an AKS cluster in different ways. You will then delve into the specifics of Kubernetes by deploying a sample guestbook application on AKS and installing complex Kubernetes apps using Helm. With the help of real-world examples, you'll also get to grips with scaling your applications and clusters. As you advance, you'll learn how to overcome common challenges in AKS and secure your applications with HTTPS. You will also learn how to secure your clusters and applications in a dedicated section on security. In the final section, you’ll learn about advanced integrations, which give you the ability to create Azure databases and run serverless functions on AKS as well as the ability to integrate AKS with a continuous integration and continuous delivery (CI/CD) pipeline using GitHub Actions. By the end of this Kubernetes book, you will be proficient in deploying containerized workloads on Microsoft Azure with minimal management overhead.
Table of Contents (22 chapters)
1
Foreword
Free Chapter
2
Section 1: The Basics
5
Section 2: Deploying on AKS
11
Section 3: Securing your AKS cluster and workloads
16
Section 4: Integrating with Azure managed services
21
Index

13. Azure Security Center for Kubernetes

Kubernetes is a very powerful platform with a lot of configuration options. Configuring your workload the right way and making sure you follow best practices can be difficult. There are industry benchmarks that you can follow to get guidelines for how to deploy your workloads securely, such as the Center for Internet Security (CIS) Benchmarks for Kubernetes: https://www.cisecurity.org/benchmark/kubernetes/.

Azure Security Center is a unified infrastructure security management platform. It provides continuous security monitoring and alerting for resources in Azure as well as for hybrid workloads. It offers protection for many Azure resources, including Kubernetes clusters. This will allow you to ensure your workloads are configured securely and protected.

Azure Security Center offers two types of protection. First, it monitors your resource configuration and compares it to security best practices, and then gives you actionable recommendations...