
Microsoft Azure Insights: Kubernetes API server access; Managed Identity; Azure Functions; Provisioning IoT Hub; ADFS response headers

by MSDW Reporter
Editorial Team, MSDynamicsWorld.com

Azure pros share their insights on securing Kubernetes API server access, using SDKs with Managed Identity, Azure Functions issues, provisioning IoT Hub and ADFS response headers.

Securing Kubernetes API server access

Daniel Neumann, writing on Daniel's Tech Blog, looked into security best practices for Azure Kubernetes Service. Although the API endpoint of a Kubernetes cluster is secured with an Active Directory integration and only exposed over HTTPS, it can sometimes still be vulnerable. Currently, users have the choice of a private AKS cluster (in preview) or IP whitelisting with the Standard Load Balancer. According to Neumann, running AKS with the Standard Load Balancer doesn't involve any redeployment. Rather, users can configure it with the CLI, Terraform or Resource Manager templates.

Often, users may also need to whitelist IP address ranges for Azure DevOps. For example, if hosted in the West Europe region, all IP addresses for that region need to be whitelisted. Sometimes neighboring regions also need to be whitelisted, and Neumann pointed out that the whitelisting process also whitelists Azure CloudShell.
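As an added illustration (not code from Neumann's post or from this article), the following Python builds an API server allowlist from a regional service tag and checks which source addresses it would admit, including the neighboring-region case mentioned above. It assumes the layout of Azure's downloadable Service Tags JSON, the tag names `AzureCloud.westeurope` and `AzureCloud.northeurope`, and a limit of 200 ranges; the prefixes are constructed documentation ranges, not real Azure addresses.

```python
import ipaddress
import json

# Constructed sample in the assumed layout of Azure's Service Tags JSON download.
SAMPLE_SERVICE_TAGS = json.dumps({"values": [
    {"name": "AzureCloud.westeurope", "properties": {"addressPrefixes": [
        "198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24", "2001:db8::/32"]}},
    {"name": "AzureCloud.northeurope", "properties": {"addressPrefixes": [
        "192.0.2.0/24"]}},
]})

MAX_RANGES = 200  # assumed AKS limit on authorized ranges; verify in current docs


def authorized_ranges(tags_json, tag_names, extra=()):
    """Collect IPv4 prefixes for the chosen tags plus extra CIDRs, then merge them."""
    wanted = set(tag_names)
    nets = [ipaddress.ip_network(cidr) for cidr in extra]
    for entry in json.loads(tags_json)["values"]:
        if entry["name"] not in wanted:
            continue
        for prefix in entry["properties"]["addressPrefixes"]:
            net = ipaddress.ip_network(prefix)
            if net.version == 4:  # assumption: only IPv4 ranges go in the allowlist
                nets.append(net)
    merged = list(ipaddress.collapse_addresses(nets))  # merges adjacent/overlapping
    if len(merged) > MAX_RANGES:
        raise ValueError(f"{len(merged)} ranges exceed the limit of {MAX_RANGES}")
    return merged


def is_allowed(source_ip, ranges):
    """True if a client at source_ip would pass the allowlist."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in ranges)


def az_argument(ranges):
    """Comma-separated value for `az aks update --api-server-authorized-ip-ranges`."""
    return ",".join(str(net) for net in ranges)


if __name__ == "__main__":
    # 192.0.2.10/32 stands in for an office egress IP (constructed value).
    ranges = authorized_ranges(SAMPLE_SERVICE_TAGS, ["AzureCloud.westeurope"],
                               extra=["192.0.2.10/32"])
    print(az_argument(ranges))
    # A build agent in the neighboring region is rejected until its tag is added.
    print(is_allowed("192.0.2.77", ranges))
```

Because a regional tag covers every tenant's workloads in that region, `is_allowed` is also a quick way to confirm how broad the resulting allowlist is before applying it.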

Azure SDKs with Managed Identity

