

This guide describes how to create a private AKS cluster in a hub-and-spoke network topology by using Terraform and Azure DevOps. Azure Firewall is used to inspect traffic to and from the Azure Kubernetes Service (AKS) cluster. The cluster is hosted by one or more spoke virtual networks peered to the hub virtual network.

Architecture

Download a Visio file of this architecture.

Terraform modules are used to deploy a new virtual network that has four subnets that host:

- A jump-box virtual machine (VM) and private endpoints (VmSubnet)
- Application Gateway WAF2 (AppGatewaySubnet)

The AKS cluster uses a user-defined managed identity to create additional resources, like load balancers and managed disks in Azure. The Terraform modules allow you to optionally deploy an AKS cluster that has these features:

- Container Storage Interface (CSI) drivers for Azure disks and Azure Files
- AKS-managed Azure Active Directory integration
- Azure RBAC for Kubernetes Authorization
- Managed identity in place of a service principal
- Dynamic allocation of IPs and enhanced subnet support

The AKS cluster is composed of the following pools:

- A system node pool that hosts only critical system pods and services
- A user node pool that hosts user workloads and artifacts

A VM is deployed in the virtual network that's hosting the AKS cluster. When you deploy AKS as a private cluster, system administrators can use this VM to manage the cluster via the Kubernetes command-line tool. An Azure Bastion host provides improved-security SSH connectivity to the jump-box VM over SSL. The boot diagnostics logs of the VM are stored in an Azure Storage account.

Azure Container Registry is used to build, store, and manage container images and artifacts (like Helm charts).

The architecture includes an Azure Firewall that's used to control the inbound and outbound traffic via DNAT rules, network rules, and application rules. It also helps protect workloads by using threat intelligence-based filtering. A route table and user-defined routes are used to route the outbound traffic from the private AKS cluster to the Azure Firewall. The Azure Firewall and Bastion are deployed to a hub virtual network that's peered with the virtual network that hosts the private AKS cluster.
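As an added example, not taken from the page or from the Terraform modules it describes, the following azurerm HCL shows the pieces of this design that matter for egress control: a route table with a default user-defined route that sends the AKS subnet's outbound traffic to the hub firewall, firewall network and application rules that permit only the cluster's required egress (with threat intelligence set to deny), and a private cluster with userDefinedRouting outbound, a user-assigned managed identity, Azure RBAC for Kubernetes Authorization, and separate system and user node pools. All resource names and variables (`var.location`, `var.resource_group_name`), and the `azurerm_subnet.aks`, `azurerm_subnet.firewall`, `azurerm_public_ip.firewall` and `azurerm_user_assigned_identity.aks` resources it references, are assumptions defined elsewhere; it targets azurerm provider 3.x.

```hcl
# Hub firewall: threat intelligence set to Deny so traffic matching Microsoft's
# malicious IP/FQDN feed is dropped, not merely logged.
resource "azurerm_firewall" "hub" {
  name                = "fw-hub"                 # assumed name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"
  threat_intel_mode   = "Deny"

  ip_configuration {
    name                 = "fw-ipconfig"
    subnet_id            = azurerm_subnet.firewall.id     # assumed AzureFirewallSubnet
    public_ip_address_id = azurerm_public_ip.firewall.id  # assumed
  }
}

# Network rules: the control-plane ports AKS nodes need to reach Azure
# (UDP 1194 tunnel, TCP 9000 API traffic) plus NTP.
resource "azurerm_firewall_network_rule_collection" "aks_egress" {
  name                = "aks-required-egress"
  azure_firewall_name = azurerm_firewall.hub.name
  resource_group_name = var.resource_group_name
  priority            = 100
  action              = "Allow"

  rule {
    name                  = "aks-control-plane"
    source_addresses      = [azurerm_subnet.aks.address_prefixes[0]]
    destination_ports     = ["1194", "9000"]
    destination_addresses = ["AzureCloud.${var.location}"]
    protocols             = ["UDP", "TCP"]
  }

  rule {
    name                  = "ntp"
    source_addresses      = [azurerm_subnet.aks.address_prefixes[0]]
    destination_ports     = ["123"]
    destination_addresses = ["*"]
    protocols             = ["UDP"]
  }
}

# Application rule: the AzureKubernetesService FQDN tag covers the HTTPS
# endpoints the nodes need; everything else is denied by default.
resource "azurerm_firewall_application_rule_collection" "aks_fqdn" {
  name                = "aks-fqdn-egress"
  azure_firewall_name = azurerm_firewall.hub.name
  resource_group_name = var.resource_group_name
  priority            = 100
  action              = "Allow"

  rule {
    name             = "aks-service-tag"
    source_addresses = [azurerm_subnet.aks.address_prefixes[0]]
    fqdn_tags        = ["AzureKubernetesService"]
  }
}

# Route table + default route: all outbound traffic from the AKS subnet is
# forced through the firewall's private IP.
resource "azurerm_route_table" "aks" {
  name                          = "rt-aks-to-firewall"
  location                      = var.location
  resource_group_name           = var.resource_group_name
  disable_bgp_route_propagation = true
}

resource "azurerm_route" "default_to_firewall" {
  name                   = "default-to-firewall"
  resource_group_name    = var.resource_group_name
  route_table_name       = azurerm_route_table.aks.name
  address_prefix         = "0.0.0.0/0"
  next_hop_type          = "VirtualAppliance"
  next_hop_in_ip_address = azurerm_firewall.hub.ip_configuration[0].private_ip_address
}

resource "azurerm_subnet_route_table_association" "aks" {
  subnet_id      = azurerm_subnet.aks.id
  route_table_id = azurerm_route_table.aks.id
}

# Private cluster: no public API endpoint, user-assigned identity, Azure RBAC,
# and userDefinedRouting so AKS does not create its own public egress path.
resource "azurerm_kubernetes_cluster" "private" {
  name                    = "aks-private"   # assumed name
  location                = var.location
  resource_group_name     = var.resource_group_name
  dns_prefix              = "aksprivate"
  private_cluster_enabled = true

  default_node_pool {
    name                         = "system"
    vm_size                      = "Standard_D4s_v3"
    node_count                   = 3
    vnet_subnet_id               = azurerm_subnet.aks.id
    only_critical_addons_enabled = true   # system pool carries only critical pods
  }

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.aks.id]
  }

  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
  }

  network_profile {
    network_plugin = "azure"
    outbound_type  = "userDefinedRouting"
  }

  # The default route must exist before the cluster is created, otherwise the
  # control plane cannot validate that egress is routed through the firewall.
  depends_on = [azurerm_subnet_route_table_association.aks]
}

resource "azurerm_kubernetes_cluster_node_pool" "user" {
  name                  = "user"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.private.id
  vm_size               = "Standard_D4s_v3"
  node_count            = 3
  vnet_subnet_id        = azurerm_subnet.aks.id
  mode                  = "User"
}
```

Two points worth checking after `terraform apply`: the cluster's `outbound_type` is immutable, so it must be set to `userDefinedRouting` at creation time, and the route table association must be in place first (hence the explicit `depends_on`); and because only the listed network and FQDN-tag rules are allowed, any additional image registries or package sources the workloads need must be added as further application rules rather than by loosening the default deny.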
