Container Security in Azure
This course introduces you to container security, Azure Container Registry authentication, Kubernetes clusters, and Microsoft Defender for Containers.
- A solid understanding of what options are available for securing your containerized applications in Azure and how to protect them from emerging threats
- Developers, IT professionals, and security experts who are looking to understand the different ways to secure their containerized applications in Azure
- Basic understanding of Containerized computing in Azure
Hello, and welcome to Managing Access to AKS with Azure RBAC.
Azure RBAC (Role-Based Access Control) is a feature that allows you to provide granular access to AKS resources across one or more subscriptions. It allows you to define access to the Kubernetes configuration file in AKS by using Azure role definition and role assignments. Azure RBAC allows you to assign built-in roles or to create custom roles, just as you would with Kubernetes roles.
For example, you can use the AKS Contributor role to upgrade a cluster. However, the Azure Kubernetes Service Cluster Admin role only allows permission to pull the Admin kubeconfig. You could give your user the general Contributor role, which allows the user to perform every action possible on the AKS resource, except managing permissions. It's important to note that you need to enable Azure RBAC for Kubernetes authorization before using Azure RBAC for Kubernetes Authorization.
AKS provides four built-in roles, similar to the Kubernetes built-in roles, but with a few differences, like supporting CRDs. The built-in roles are Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Kubernetes Service RBAC Admin, and Azure Kubernetes Service RBAC Cluster Admin. Each role has different permissions. The table on your screen shows how these permissions differ.
So, the key takeaway here is that Azure RBAC is a feature that allows you to control access to AKS resources across one or more subscriptions. It allows you to assign built-in roles or create custom roles, and it uses Azure role definition and role assignments to manage permissions. You need to enable Azure RBAC for Kubernetes authorization before using this feature, and you should familiarize yourself with the four built-in roles that AKS provides.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.