Securing Kubernetes Cluster

When you start using a managed Kubernetes service like AKS you might be inclined to deploy and use your cluster as it comes out of the box; however, as we all know Cloud security follows a Shared Responsibility model where cloud providers like Azure give you the means to deploy secure and hardened environments and it is your responsibility to do so.

In this session, we will cover:
1- One of the possible architectures of a Production-Grade secure AKS environment
2- Integrating your AKS cluster with Azure AD for better RBAC controls
3- Protecting and Controlling North-South traffic in/from your cluster using Azure Firewall which offers strict traffic controls via L3-L7 connectivity policies in addition to native protection provided by Microsoft Threat Intelligence against known malicious IPs and FQDNs
4- Controlling East-West traffic within your cluster using Kubernetes Network Policies
5- Setting up an Istio service mesh and exposing your microservices using a private ingress gateway