Microsoft Azure Insights: Kubernetes API server access; Managed Identity; Azure Functions; Provisioning IoT Hub; ADFS response headers

December 22 2019

Azure pros share their insights on securing Kubernetes API server access, using SDKs with Managed Identity, Azure Functions issues, provisioning IoT Hub and ADFS response headers.

Securing Kubernetes API server access

Daniel Neumann, writing on Daniel's Tech Blog, looked into security best practices for Azure Kubernetes Service. Although it's secured with an Active Directory integration and only exposed over HTTPS, the API endpoint of a Kubernetes cluster can sometimes still be vulnerable. Currently, users have the choice of a private AKS cluster (in preview) or IP whitelisting with the Standard Load Balancer. According to Neumann, running AKS with the Standard Load Balancer doesn't involve any redeployment. Rather, users can configure it with the CLI, Terraform or Resource Manager templates.

Often, users may also need to whitelist IP address ranges for Azure DevOps. For example, if hosted in the West Europe region, all IP addresses for that region need to be whitelisted. Sometimes neighboring regions also need to be whitelisted, and Neumann pointed out that the whitelisting process also whitelists Azure CloudShell.
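As an added illustration (not code from Neumann's post), the sketch below builds the authorized-range list for one region and shows the side effect noted above: once a whole region is whitelisted, any address in it reaches the API server. It assumes the region's ranges come from Azure's downloadable service-tags JSON; the sample data, addresses and `<...>` placeholders are constructed.

```python
import ipaddress
import json

# Constructed sample in the layout of Azure's service-tags JSON download.
# Prefixes are documentation ranges, not real Azure addresses.
SERVICE_TAGS = json.loads("""
{"values": [
  {"name": "AzureCloud.westeurope",
   "properties": {"region": "westeurope",
                  "addressPrefixes": ["198.51.100.0/25", "198.51.100.128/25",
                                      "203.0.113.0/26", "2001:db8::/48"]}},
  {"name": "AzureCloud.northeurope",
   "properties": {"region": "northeurope",
                  "addressPrefixes": ["192.0.2.0/24"]}}
]}
""")


def authorized_ranges(tags, regions, extra=()):
    """Return a minimal sorted IPv4 CIDR list for the regions plus extra CIDRs."""
    nets = [ipaddress.ip_network(c) for c in extra]
    for entry in tags["values"]:
        props = entry["properties"]
        if props.get("region") in regions:
            nets += [ipaddress.ip_network(p) for p in props["addressPrefixes"]]
    # Assumption: only IPv4 ranges are submitted, so IPv6 prefixes are dropped.
    v4 = [n for n in nets if n.version == 4]
    # collapse_addresses merges adjacent and overlapping networks.
    return [str(n) for n in ipaddress.collapse_addresses(v4)]


def is_allowed(ip, ranges):
    """True if the source address falls inside any authorized range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


def az_command(ranges, group="<resource-group>", cluster="<cluster-name>"):
    """Render the az CLI call that applies the list to an existing cluster."""
    return ("az aks update --resource-group {} --name {} "
            "--api-server-authorized-ip-ranges {}").format(group, cluster, ",".join(ranges))


if __name__ == "__main__":
    # 192.0.2.10/32 stands in for an office egress address (constructed).
    ranges = authorized_ranges(SERVICE_TAGS, {"westeurope"}, extra=["192.0.2.10/32"])
    print(az_command(ranges))
    # Any other address in the region is now allowed too, not only build agents.
    print(is_allowed("198.51.100.200", ranges), is_allowed("192.0.2.11", ranges))
```

Reviewing the collapsed list before applying it makes the real exposure visible: the API server becomes reachable from every service and tenant whose traffic egresses from those regional ranges.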

Azure SDKs with Managed Identity
