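<!doctype html>
<!--
  Azure Kubernetes Service Security: a single diagram image with a client-side
  image map. Each <area> is a small rectangular hotspot over the image that
  opens an external reference page in a new tab.
-->
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Azure Kubernetes Service Security</title>
  <link rel="icon" type="image/png" href="favicon.png">
</head>
<body>
  <img src="azure_kubernetes_service_security.png" alt="Azure Kubernetes Service security diagram with linked references" usemap="#map">
  <!--
    Every hotspot points at a third-party origin and uses target="_blank".
    rel="noopener noreferrer" is set on each one so the opened page gets no
    window.opener handle back to this document and receives no Referer header.
    Current browsers imply noopener for _blank targets; stating it keeps the
    behaviour the same in older ones.

    Maintenance notes (NOTE(review)):
    - Two hrefs carry an msclkid query parameter (the kubernetes.io ingress
      controllers link and the servicemesh.es link). It looks like a leftover
      click-tracking identifier from a copied URL; confirm and strip it when
      the links are next regenerated.
    - The last hotspot targets an image on an opaque CloudFront hostname. The
      URL alone does not identify who controls that content; prefer linking to
      the documentation page that embeds the image.
    - alt text on each area names the link destination as read from its URL.
  -->
  <map name="map">
    <area shape="rect" coords="3226,441,3242,457" href="https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges" target="_blank" rel="noopener noreferrer" alt="AKS API server authorized IP ranges">
    <area shape="rect" coords="3196,582,3212,598" href="https://docs.microsoft.com/en-us/azure/aks/private-clusters" target="_blank" rel="noopener noreferrer" alt="AKS private clusters">
    <area shape="rect" coords="3708,795,3724,811" href="https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview" target="_blank" rel="noopener noreferrer" alt="Azure virtual network peering overview">
    <area shape="rect" coords="3676,825,3692,841" href="https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways" target="_blank" rel="noopener noreferrer" alt="ExpressRoute virtual network gateways">
    <area shape="rect" coords="3688,860,3704,876" href="https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways" target="_blank" rel="noopener noreferrer" alt="ExpressRoute virtual network gateways">
    <area shape="rect" coords="3582,910,3598,926" href="https://docs.microsoft.com/en-us/azure/aks/command-invoke" target="_blank" rel="noopener noreferrer" alt="AKS command invoke">
    <area shape="rect" coords="3730,213,3746,229" href="https://docs.microsoft.com/en-us/azure/aks/managed-aad#use-conditional-access-with-azure-ad-and-aks" target="_blank" rel="noopener noreferrer" alt="Conditional Access with Azure AD and AKS">
    <area shape="rect" coords="3733,245,3749,261" href="https://azure.microsoft.com/en-us/updates/general-availability-justintime-access-support-in-aks/" target="_blank" rel="noopener noreferrer" alt="Just-in-time access support in AKS (Azure update)">
    <area shape="rect" coords="3669,326,3685,342" href="https://github.com/Azure/kubelogin" target="_blank" rel="noopener noreferrer" alt="kubelogin on GitHub">
    <area shape="rect" coords="3672,369,3688,385" href="https://docs.microsoft.com/en-us/azure/aks/managed-aad#disable-local-accounts" target="_blank" rel="noopener noreferrer" alt="Disable local accounts in AKS">
    <area shape="rect" coords="3337,144,3353,160" href="https://docs.microsoft.com/en-us/azure/aks/use-azure-policy" target="_blank" rel="noopener noreferrer" alt="Azure Policy for AKS">
    <area shape="rect" coords="3475,118,3491,134" href="https://github.com/open-policy-agent/gatekeeper" target="_blank" rel="noopener noreferrer" alt="OPA Gatekeeper on GitHub">
    <area shape="rect" coords="3638,95,3654,111" href="https://www.openpolicyagent.org/" target="_blank" rel="noopener noreferrer" alt="Open Policy Agent">
    <area shape="rect" coords="3152,927,3168,943" href="https://azure.microsoft.com/en-us/updates/aks-control-plane-audit-logs/" target="_blank" rel="noopener noreferrer" alt="AKS control plane audit logs (Azure update)">
    <area shape="rect" coords="3352,912,3368,928" href="https://docs.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-log-query#resource-logs" target="_blank" rel="noopener noreferrer" alt="Container insights log queries: resource logs">
    <area shape="rect" coords="3290,970,3306,986" href="https://docs.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-log-query#api-server-logs" target="_blank" rel="noopener noreferrer" alt="Container insights log queries: API server logs">
    <area shape="rect" coords="3313,1062,3329,1078" href="https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#:~:text=Ubuntu%7D%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5B-,%2D%2Doutbound%2Dtype,-%7BloadBalancer%2C%20managedNATGateway%2C%20userAssignedNATGateway" target="_blank" rel="noopener noreferrer" alt="az aks CLI reference: outbound type option">
    <area shape="rect" coords="3751,1001,3767,1017" href="https://docs.microsoft.com/en-us/azure/aks/nat-gateway" target="_blank" rel="noopener noreferrer" alt="AKS NAT gateway">
    <area shape="rect" coords="3553,966,3569,982" href="https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype#outbound-type-of-loadbalancer" target="_blank" rel="noopener noreferrer" alt="AKS outbound type: loadBalancer">
    <area shape="rect" coords="3546,1171,3562,1187" href="https://docs.microsoft.com/en-us/azure/aks/http-proxy" target="_blank" rel="noopener noreferrer" alt="AKS HTTP proxy">
    <area shape="rect" coords="3548,1111,3564,1127" href="https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype#outbound-type-of-userdefinedrouting" target="_blank" rel="noopener noreferrer" alt="AKS outbound type: userDefinedRouting">
    <area shape="rect" coords="3727,1084,3743,1100" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#restrict-egress-traffic-using-azure-firewall" target="_blank" rel="noopener noreferrer" alt="Restrict AKS egress traffic using Azure Firewall">
    <area shape="rect" coords="3874,1050,3890,1066" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#azure-global-required-network-rules" target="_blank" rel="noopener noreferrer" alt="AKS egress: Azure Global required network rules">
    <area shape="rect" coords="3963,1081,3979,1097" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#azure-global-required-fqdn--application-rules" target="_blank" rel="noopener noreferrer" alt="AKS egress: Azure Global required FQDN and application rules">
    <area shape="rect" coords="4305,1029,4321,1045" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#required-fqdn--application-rules" target="_blank" rel="noopener noreferrer" alt="AKS egress: required FQDN and application rules">
    <area shape="rect" coords="4368,1071,4384,1087" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#windows-server-based-node-pools" target="_blank" rel="noopener noreferrer" alt="AKS egress: Windows Server based node pools">
    <area shape="rect" coords="4314,1144,4330,1160" href="https://docs.microsoft.com/en-us/azure/aks/limit-egress-traffic#aks-addons-and-integrations" target="_blank" rel="noopener noreferrer" alt="AKS egress: add-ons and integrations">
    <area shape="rect" coords="3705,1410,3721,1426" href="https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/?msclkid=cc42e8b8cf8411ec8f7f617e6f15cc82" target="_blank" rel="noopener noreferrer" alt="Kubernetes ingress controllers">
    <area shape="rect" coords="4040,1348,4056,1364" href="https://kubernetes.github.io/ingress-nginx/" target="_blank" rel="noopener noreferrer" alt="ingress-nginx documentation">
    <area shape="rect" coords="3956,1471,3972,1487" href="https://docs.microsoft.com/en-us/azure/application-gateway/" target="_blank" rel="noopener noreferrer" alt="Azure Application Gateway documentation">
    <area shape="rect" coords="4372,1486,4388,1502" href="https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-new" target="_blank" rel="noopener noreferrer" alt="Application Gateway ingress controller: new install">
    <area shape="rect" coords="4373,1526,4389,1542" href="https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing" target="_blank" rel="noopener noreferrer" alt="Application Gateway ingress controller: existing install">
    <area shape="rect" coords="4339,1452,4355,1468" href="https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-migration" target="_blank" rel="noopener noreferrer" alt="Application Gateway ingress controller: migration">
    <area shape="rect" coords="4458,1392,4474,1408" href="https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-overview" target="_blank" rel="noopener noreferrer" alt="Application Gateway ingress controller: overview">
    <area shape="rect" coords="4086,1294,4102,1310" href="https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard" target="_blank" rel="noopener noreferrer" alt="AKS Standard load balancer">
    <area shape="rect" coords="3310,1390,3326,1406" href="https://docs.microsoft.com/en-us/azure/virtual-network/kubernetes-network-policies" target="_blank" rel="noopener noreferrer" alt="Azure Kubernetes network policies">
    <area shape="rect" coords="3413,1376,3429,1392" href="https://docs.microsoft.com/en-us/azure/aks/use-network-policies#network-policy-options-in-aks" target="_blank" rel="noopener noreferrer" alt="Network policy options in AKS">
    <area shape="rect" coords="3415,1412,3431,1428" href="https://docs.microsoft.com/en-us/azure/aks/use-network-policies#create-an-aks-cluster-for-calico-network-policies" target="_blank" rel="noopener noreferrer" alt="Create an AKS cluster for Calico network policies">
    <area shape="rect" coords="3485,1449,3501,1465" href="https://docs.microsoft.com/en-us/azure/aks/open-service-mesh-about" target="_blank" rel="noopener noreferrer" alt="Open Service Mesh in AKS">
    <area shape="rect" coords="3565,1437,3581,1453" href="https://smi-spec.io/" target="_blank" rel="noopener noreferrer" alt="Service Mesh Interface specification">
    <area shape="rect" coords="3581,1474,3597,1490" href="https://release-v1-1.docs.openservicemesh.io/" target="_blank" rel="noopener noreferrer" alt="Open Service Mesh v1.1 documentation">
    <area shape="rect" coords="3471,1499,3487,1515" href="https://servicemesh.es/?msclkid=8905b365cf8d11ecb059e190cedb1cad#:~:text=Service%20Mesh%20Implementations" target="_blank" rel="noopener noreferrer" alt="Service mesh implementations (servicemesh.es)">
    <area shape="rect" coords="2301,480,2317,496" href="https://kubernetes.io/docs/concepts/security/controlling-access/" target="_blank" rel="noopener noreferrer" alt="Kubernetes: controlling access">
    <area shape="rect" coords="1992,639,2008,655" href="https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac" target="_blank" rel="noopener noreferrer" alt="AKS: manage Azure RBAC">
    <area shape="rect" coords="1806,624,1822,640" href="https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac#create-role-assignments-for-users-to-access-cluster" target="_blank" rel="noopener noreferrer" alt="AKS Azure RBAC: create role assignments for users to access cluster">
    <area shape="rect" coords="2102,32,2118,48" href="https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity" target="_blank" rel="noopener noreferrer" alt="Azure AD pod identity in AKS">
    <area shape="rect" coords="1236,1349,1252,1365" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction" target="_blank" rel="noopener noreferrer" alt="Defender for container registries: introduction">
    <area shape="rect" coords="1330,1264,1346,1280" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-cicd" target="_blank" rel="noopener noreferrer" alt="Defender for container registries: CI/CD">
    <area shape="rect" coords="1186,1241,1202,1257" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-cicd" target="_blank" rel="noopener noreferrer" alt="Defender for container registries: CI/CD">
    <area shape="rect" coords="842,1211,858,1227" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-cicd#:~:text=your%20GitHub%20workflow-,Step%201.%20Enable%20the%20CI/CD%20integration%20in%20Defender%20for%20Cloud,-From%20Defender%20for" target="_blank" rel="noopener noreferrer" alt="Defender for Containers CI/CD: step 1, enable the CI/CD integration">
    <area shape="rect" coords="946,1275,962,1291" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-cicd#:~:text=Step%202.%20Add%20the%20necessary%20lines%20to%20your%20GitHub%20workflow%20and%20perform%20a%20scan" target="_blank" rel="noopener noreferrer" alt="Defender for Containers CI/CD: step 2, add lines to your GitHub workflow and scan">
    <area shape="rect" coords="383,1235,399,1251" href="https://github.com/Azure/container-scan" target="_blank" rel="noopener noreferrer" alt="Azure container-scan on GitHub">
    <area shape="rect" coords="189,1206,205,1222" href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener noreferrer" alt="Trivy on GitHub">
    <area shape="rect" coords="184,1259,200,1275" href="https://github.com/goodwithtech/dockle" target="_blank" rel="noopener noreferrer" alt="Dockle on GitHub">
    <area shape="rect" coords="397,1316,413,1332" href="https://github.com/Azure/publish-security-assessments" target="_blank" rel="noopener noreferrer" alt="Azure publish-security-assessments on GitHub">
    <area shape="rect" coords="1756,776,1772,792" href="https://docs.microsoft.com/en-us/azure/aks/security-hardened-vm-host-image" target="_blank" rel="noopener noreferrer" alt="AKS security-hardened VM host image">
    <area shape="rect" coords="1250,701,1266,717" href="https://docs.microsoft.com/en-us/azure/aks/node-updates-kured" target="_blank" rel="noopener noreferrer" alt="AKS node updates with kured">
    <area shape="rect" coords="950,691,966,707" href="https://docs.microsoft.com/en-us/azure/aks/node-updates-kured#node-image-upgrades" target="_blank" rel="noopener noreferrer" alt="AKS node updates: node image upgrades">
    <area shape="rect" coords="950,725,966,741" href="https://docs.microsoft.com/en-us/azure/aks/node-updates-kured#node-upgrades" target="_blank" rel="noopener noreferrer" alt="AKS node updates: node upgrades">
    <area shape="rect" coords="1351,805,1367,821" href="https://docs.microsoft.com/en-us/azure/aks/azure-disk-customer-managed-keys" target="_blank" rel="noopener noreferrer" alt="AKS Azure disk customer-managed keys">
    <area shape="rect" coords="1781,1038,1797,1054" href="https://docs.microsoft.com/en-us/azure/aks/enable-host-encryption" target="_blank" rel="noopener noreferrer" alt="AKS host-based encryption">
    <area shape="rect" coords="1432,1120,1448,1136" href="https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption#encryption-at-host---end-to-end-encryption-for-your-vm-data" target="_blank" rel="noopener noreferrer" alt="Azure VM disk encryption: encryption at host">
    <area shape="rect" coords="1441,982,1457,998" href="https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption#encryption-at-host---end-to-end-encryption-for-your-vm-data" target="_blank" rel="noopener noreferrer" alt="Azure VM disk encryption: encryption at host">
    <area shape="rect" coords="1183,1049,1199,1065" href="https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption#encryption-at-host---end-to-end-encryption-for-your-vm-data" target="_blank" rel="noopener noreferrer" alt="Azure VM disk encryption: encryption at host">
    <area shape="rect" coords="3341,1632,3357,1648" href="https://kubernetes-csi.github.io/docs/" target="_blank" rel="noopener noreferrer" alt="Kubernetes CSI documentation">
    <area shape="rect" coords="3531,1664,3547,1680" href="https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver" target="_blank" rel="noopener noreferrer" alt="AKS Secrets Store CSI driver">
    <area shape="rect" coords="3764,1713,3780,1729" href="https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access" target="_blank" rel="noopener noreferrer" alt="AKS Secrets Store CSI driver: identity access">
    <area shape="rect" coords="3537,1596,3553,1612" href="https://www.vaultproject.io/docs/platform/k8s/csi" target="_blank" rel="noopener noreferrer" alt="Vault CSI provider for Kubernetes">
    <area shape="rect" coords="2049,1608,2065,1624" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/media/defender-for-containers/defender-for-containers-provisioning-configuration.gif" target="_blank" rel="noopener noreferrer" alt="Defender for Containers provisioning configuration (animation)">
    <area shape="rect" coords="1592,1806,1608,1822" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/media/defender-for-containers/architecture-aks-cluster.png" target="_blank" rel="noopener noreferrer" alt="Defender for Containers AKS cluster architecture (image)">
    <area shape="rect" coords="1310,1974,1326,1990" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-k8scluster" target="_blank" rel="noopener noreferrer" alt="Defender for Cloud alerts reference: Kubernetes cluster alerts">
    <area shape="rect" coords="1078,1995,1094,2011" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-enable?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-aks#simulate-security-alerts-from-microsoft-defender-for-containers" target="_blank" rel="noopener noreferrer" alt="Simulate security alerts from Microsoft Defender for Containers">
    <area shape="rect" coords="1308,1769,1324,1785" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/media/defender-for-kubernetes-azure-arc/defender-for-kubernetes-architecture-overview.png" target="_blank" rel="noopener noreferrer" alt="Defender for Kubernetes architecture overview (image)">
    <area shape="rect" coords="1323,1820,1339,1836" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections" target="_blank" rel="noopener noreferrer" alt="Defender for Cloud Kubernetes workload protections">
    <area shape="rect" coords="927,1802,943,1818" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections#:~:text=To-,Deploy%20the%20add%2Don%20to%20specified%20clusters,-%3A" target="_blank" rel="noopener noreferrer" alt="Kubernetes workload protections: deploy the add-on to specified clusters">
    <area shape="rect" coords="926,1840,942,1856" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections#:~:text=and%20configure%20the-,bundle%20of%20recommendations,-Approximately%2030%20minutes" target="_blank" rel="noopener noreferrer" alt="Kubernetes workload protections: bundle of recommendations">
    <area shape="rect" coords="1037,1897,1053,1913" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#alerts-k8scluster" target="_blank" rel="noopener noreferrer" alt="Defender for Cloud alerts reference: Kubernetes cluster alerts">
    <area shape="rect" coords="1322,1670,1338,1686" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks#:~:text=Defender%20profile%20component%20details" target="_blank" rel="noopener noreferrer" alt="Defender for Containers: Defender profile component details">
    <area shape="rect" coords="1154,1548,1170,1564" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction#when-are-images-scanned" target="_blank" rel="noopener noreferrer" alt="Defender for container registries: when are images scanned">
    <area shape="rect" coords="951,1550,967,1566" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks#scanning-images-in-acr-registries" target="_blank" rel="noopener noreferrer" alt="Defender for Containers: scanning images in ACR registries">
    <area shape="rect" coords="703,1570,719,1586" href="https://hub.docker.com/_/scratch/" target="_blank" rel="noopener noreferrer" alt="scratch image on Docker Hub">
    <area shape="rect" coords="707,1659,723,1675" href="https://github.com/opencontainers/image-spec/blob/main/spec.md" target="_blank" rel="noopener noreferrer" alt="OCI image specification">
    <area shape="rect" coords="1328,1619,1344,1635" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/media/azure-container-registry-integration/aks-acr-integration-detailed.png" target="_blank" rel="noopener noreferrer" alt="AKS and ACR integration detail (image)">
    <area shape="rect" coords="931,1423,947,1439" href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/media/azure-container-registry-integration/container-security-acr-page.png#lightbox" target="_blank" rel="noopener noreferrer" alt="Container security ACR page (image)">
    <area shape="rect" coords="2549,1608,2565,1624" href="https://github.com/ksoclabs/awesome-kubernetes-security" target="_blank" rel="noopener noreferrer" alt="awesome-kubernetes-security on GitHub">
    <area shape="rect" coords="2796,254,2812,270" href="https://kubernetes.io/docs/concepts/security/overview/" target="_blank" rel="noopener noreferrer" alt="Kubernetes security overview">
    <area shape="rect" coords="2919,211,2935,227" href="https://d33wubrfki0l68.cloudfront.net/50846f7aa12f39c374f4e5ace769efe26a92f7d7/8fe83/images/docs/4c.png" target="_blank" rel="noopener noreferrer" alt="4c.png image on a CloudFront-hosted CDN">
  </map>
</body>
</html>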