Slides related to the Global Azure Singapore 2023 talk about building secure and portable applications using AKS and its ecosystem. The demo showcases the integrations with Dapr and KEDA
11. AKS Best Practices – Cluster Operator Multi-Tenancy
Authentication and Authorization
• Azure AD
• Kubernetes RBAC
• Azure RBAC
• Pod Identities
Cluster Isolation
• Multi-tenancy and logical separation
using namespaces
Basic scheduler
• Resource Quotas
• Pod Disruption Budget
Advanced scheduler
• Taints & Tolerations
• Node selectors and affinity
• Inter-pod affinity and anti-affinity
12. AKS Best Practices
Security
• Cluster Security & Upgrades
• Secure API Server
• Limit container access
• Manage upgrades & node reboots
• Container Image Management
• Secure images and runtimes
• Automate builds on base image updates
• Pod Security
• Secure access to resources
• Limit Credentials exposure
• Use Pod Identities and Digital Key Vaults
Network & Storage
• Network Connectivity
• Different network models using ingress and
WAF
• Secure node SSH access
• Storage & Backup
• Appropriate storage type & node size
• Dynamically provision volumes
• Data Backups
Developer
• Manage resources
• Resource Requests & Limits
• Pod Security
• Secure access to resources
• Limit credentials exposure
• Use Pod Identities & Digital Vaults
13. Summary
• Modern applications are loosely coupled and highly portable
• AKS provides native integrations to Dapr and KEDA
• KEDA helps to auto scale on metrics external to Kubernetes
• Dapr tries to simplify the Microservices development and
deployment
• Dapr Components help to extract underlying functionality and
provides abstractions
• Best practices related to AKS
• Make app portable to run in serverless as well as managed cloud
services