Microsoft ContainerService
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.
Load Balancer Profile-Idle Timeout In Minutes
Design Guidance:
Agent Pool Profiles-Node Labels
Agent Pool Profiles-Node Taints
Agent Pool Profiles-Tags
Tags
Node Labels
Node Taints
Tags
Design Guidance:
Agent Pool Profiles-Availability Zones
Agent Pool Profiles-Count
Agent Pool Profiles-Enable Auto Scaling
Agent Pool Profiles-Max Count
Agent Pool Profiles-Max Pods
Agent Pool Profiles-Min Count
Auto Scaler Profile-Balance-similar-node-groups
Auto Scaler Profile-Max-graceful-termination-sec
Auto Scaler Profile-Scale-down-delay-after-add
Auto Scaler Profile-Scale-down-delay-after-delete
Auto Scaler Profile-Scale-down-delay-after-failure
Auto Scaler Profile-Scale-down-unneeded-time
Auto Scaler Profile-Scale-down-unready-time
Auto Scaler Profile-Scale-down-utilization-threshold
Auto Scaler Profile-Scan-interval
Availability Zones
Count
Enable Auto Scaling
Max Count
Min Count
Design Guidance:
Agent Pool Profiles-Os Type
Node Image Version
Os Type
Design Guidance:
Disk Encryption Set Id
Api Server Access Profile-Authorized Ipranges
Agent Pool Profiles-Orchestrator Version
Orchestrator Version
Design Guidance:
SSH-Public Keys
Service Principal Profile-Client Id
Service Principal Profile-Secret
Agent Pool Profiles-Enable Node Public Ip
Agent Pool Profiles-Vnet Subnet Id
Design Guidance:
Api Server Access Profile-Enable Private Cluster
Enable Node Public Ip
Mode
Vnet Subnet Id
Design Guidance:
Outbound Ips-Public Ips
Network Profile-Network Policy
Aad Profile-Admin Group Object Ids
Aad Profile-Client App Id
Aad Profile-Managed
Aad Profile-Server App Id
Aad Profile-Server App Secret
Aad Profile-Tenant Id
Design Guidance:
Aad Profile-Enable Azure Rbac
Enable Rbac
Identity-Type
Additional Properties-Client Id
Additional Properties-Object Id
Additional Properties-Resource Id
Design Guidance:
Kubernetes Version