Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Build Secure & Portable applications using AKS ...

Build Secure & Portable applications using AKS and its ecosystem

Slides related to the Global Azure Singapore 2023 talk about building secure and portable applications using AKS and its ecosystem. The demo showcases the integrations with Dapr and KEDA

Nilesh Gule

May 13, 2023
Tweet

More Decks by Nilesh Gule

Other Decks in Technology

Transcript

  1. $whoami { “name” : “Nilesh Gule”, “website” : “https://www.HandsOnArchitect.com", “github”

    : “https://GitHub.com/NileshGule" “twitter” : “@nileshgule”, “linkedin” : “https://www.linkedin.com/in/nileshgule”, “YouTube” : “https://www.YouTube.com/@nilesh-gule” “likes” : “Technical Evangelism, Cricket”, “co-organizer” : “Azure Singapore UG” }
  2. AKS Best Practices – Cluster Operator Multi-Tenancy Authentication and Authorization

    • Azure AD • Kubernetes RBAC • Azure RBAC • Pod Identities Cluster Isolation • Multi-tenancy and logical separation using namespaces Basic scheduler • Resource Quotas • Pod Disruption Budget Advanced scheduler • Taints & Tolerations • Node selectors and affinity • Inter-pod affinity and anti-affinity
  3. AKS Best Practices Security • Cluster Security & Upgrades •

    Secure API Server • Limit container access • Manage upgrades & node reboots • Container Image Management • Secure images and runtimes • Automate builds on base image updates • Pod Security • Secure access to resources • Limit Credentials exposure • Use Pod Identities and Digital Key Vaults Network & Storage • Network Connectivity • Different network models using ingress and WAF • Secure node SSH access • Storage & Backup • Appropriate storage type & node size • Dynamically provision volumes • Data Backups Developer • Manage resources • Resource Requests & Limits • Pod Security • Secure access to resources • Limit credentials exposure • Use Pod Identities & Digital Vaults
  4. Summary • Modern applications are loosely coupled and highly portable

    • AKS provides native integrations to Dapr and KEDA • KEDA helps to auto scale on metrics external to Kubernetes • Dapr tries to simplify the Microservices development and deployment • Dapr Components help to extract underlying functionality and provides abstractions • Best practices related to AKS • Make app portable to run in serverless as well as managed cloud services
  5. Nilesh Gule ARCHITECT | MICROSOFT MVP “Code with Passion and

    Strive for Excellence” nileshgule @nileshgule Nilesh Gule NileshGule www.handsonarchitect.com https://bit.ly/youtube-nileshgule
  6. Q&A