Azure Policy has gone into preview for AKS (Azure Kubernetes Service)
As Kubernetes has become a go-to container orchestration platform for organisations that are looking to deploy and scale their software, it has had to evolve its existing and new security feature sets.
To improve the security of your Azure Kubernetes Service (AKS) cluster, you can now secure your pods with Azure Policy (in preview). This integration enables you to deny and audit pod requests to an AKS cluster that violate policy. Users can choose from a list of 16 built-in options and two initiatives (which map to standards set in Kubernetes pod security policy) and apply those policies to secure pods.
Azure Policy for AKS utilises the open-source Open Policy Agent (OPA), whose policies are written in the Rego policy language. However, Microsoft has managed to deliver this in a less daunting way.
Instead of having to learn Rego, you can simply configure policies the same way you do for any other Azure resource (via the portal).
Some of the initial policies in preview include:
- Don’t allow privileged containers
- Containers should run with a read-only root file system
- Ensure CPU & Memory are inside the limits of the cluster
- Ensure only allowed container images are used
- FlexVolume should only use allowed storage drivers
Azure Policy for AKS can also be used to prevent resource creation if it is against a policy, and even provide a useful error response.
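To make the listed checks concrete, the following added example (not Azure Policy's implementation and not part of the original post) evaluates a pod manifest locally against four of them and mimics the deny and audit effects. The registry prefix, limit ceilings, function names and sample pod are constructed assumptions.

```python
# Added example: local approximation of four listed checks; all values are constructed.
ALLOWED_IMAGE_PREFIXES = ("registry.example.com/",)   # assumed allowed registry
MAX_CPU_MILLICORES, MAX_MEMORY_MIB = 500, 512         # assumed limit ceilings

def cpu_millicores(q):
    """Kubernetes CPU quantity ("250m", "1", "0.5") -> millicores."""
    q = str(q)
    return int(q[:-1]) if q.endswith("m") else int(float(q) * 1000)

def memory_mib(q):
    """Memory quantity with Mi/Gi suffix -> MiB; other suffixes raise KeyError."""
    return int(str(q)[:-2]) * {"Mi": 1, "Gi": 1024}[str(q)[-2:]]

def evaluate_pod(pod):
    """Return (container name, violation) pairs for a pod manifest dict."""
    findings = []
    spec = pod.get("spec", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        limits = (c.get("resources") or {}).get("limits") or {}
        if sc.get("privileged") is True:
            findings.append((name, "privileged container"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "root file system is not read-only"))
        if not c.get("image", "").startswith(ALLOWED_IMAGE_PREFIXES):
            findings.append((name, "image is not from an allowed registry"))
        if "cpu" not in limits or "memory" not in limits:
            findings.append((name, "CPU or memory limit missing"))
        elif (cpu_millicores(limits["cpu"]) > MAX_CPU_MILLICORES
              or memory_mib(limits["memory"]) > MAX_MEMORY_MIB):
            findings.append((name, "CPU or memory limit above the maximum"))
    return findings

def admit(pod, effect="deny"):
    """'deny' rejects a violating pod with a message; 'audit' admits and reports."""
    findings = evaluate_pod(pod)
    message = "; ".join(f"{n}: {v}" for n, v in findings)
    return (effect == "audit" or not findings), message

SAMPLE_POD = {"spec": {"containers": [  # constructed manifest
    {"name": "web", "image": "registry.example.com/web:1.4",
     "securityContext": {"readOnlyRootFilesystem": True},
     "resources": {"limits": {"cpu": "250m", "memory": "256Mi"}}},
    {"name": "debug", "image": "docker.io/library/busybox:latest",
     "securityContext": {"privileged": True}},
]}}
if __name__ == "__main__":
    print(admit(SAMPLE_POD))
```

Running a check like this in CI catches violations before the cluster's admission control rejects the deployment.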
These policies are a critical component of any DevOps deployment, as Azure Policy establishes guard-rails for best practice. With guard-rails in place, users are free to work without having to raise a hand to get permission from governance stakeholders (sometimes referred to as gatekeepers).
The Azure Policy Add-on for Kubernetes service allows you to apply at-scale enforcements and safeguards on your clusters in a centralised, consistent manner.