User Review
( votes)Microsoft Azure pros share their thoughts on security Kubernetes API access, Firewall updates in February, changes to certifications and the impact of cloud-native, serverless and containerized tech.
Securing Kubernetes API access
Richard Hooper, writing on Pixel Robots, explained how to secure access to the Kubernetes API on an Azure Kubernetes Service (AKS) cluster. By default, the API is internet accessible with HTTPS. Initially, Hooper cleared up any confusion for readers of his recent blogs pertaining to role-based access control and Azure Active Directory. Although these services provide valuable security and “lock down” of the system, for some organizations they made not be enough. In fact, Azure Security Center even warns users if it detects that security recommendations aren’t being met.
Fortunately, it’s easy to update access control with Azure CLI. Navigating in the environment, Hooper selected an AKS cluster and defined allowed IP addresses and confirmed access with a kubectl command. Users have to be cautious to allow Azure DevOps IP ranges if they are using the service or builds may break. He wrote:
It’s a bit of a pain, but as I am sure you are aware Security always is. I for one will be using this for all of my AKS clusters going forward and would advise you do too. Just remember if your pipeline fails due to it being unable to connect to the AKS cluster update the IP whitelist.