Microsoft ContainerService

The best practices and references below are based on published guidance from the cloud service provider and may refer to native capabilities that provider offers. If you are not using the native security capabilities, the same security requirement can be met with other security capabilities your organization uses.

Session Limits

Microsoft.ContainerService/managedClusters

Load Balancer Profile-Idle Timeout In Minutes
Terraform

Asset Inventory

Design Guidance:

Microsoft.ContainerService/managedClusters

Agent Pool Profiles-Node Labels
Terraform
Agent Pool Profiles-Node Taints
Terraform
Agent Pool Profiles-Tags
Terraform
Tags
Terraform

Microsoft.ContainerService/managedClusters/agentPools

Node Labels
Terraform
Node Taints
Terraform
Tags
Terraform

Design for High Availability

Design Guidance:

Microsoft.ContainerService/managedClusters

Agent Pool Profiles-Availability Zones
Terraform
Agent Pool Profiles-Count
Terraform
Agent Pool Profiles-Enable Auto Scaling
Terraform
Agent Pool Profiles-Max Count
Terraform
Agent Pool Profiles-Max Pods
Terraform
Agent Pool Profiles-Min Count
Terraform
Auto Scaler Profile-Balance-similar-node-groups
Terraform
Auto Scaler Profile-Max-graceful-termination-sec
Terraform
Auto Scaler Profile-Scale-down-delay-after-add
Terraform
Auto Scaler Profile-Scale-down-delay-after-delete
Terraform
Auto Scaler Profile-Scale-down-delay-after-failure
Terraform
Auto Scaler Profile-Scale-down-unneeded-time
Terraform
Auto Scaler Profile-Scale-down-unready-time
Terraform
Auto Scaler Profile-Scale-down-utilization-threshold
Terraform
Auto Scaler Profile-Scan-interval
Terraform

Microsoft.ContainerService/managedClusters/agentPools

Availability Zones
Terraform
Count
Terraform
Enable Auto Scaling
Terraform
Max Count
Terraform
Min Count
Terraform

Hardening

Design Guidance:

Microsoft.ContainerService/managedClusters

Agent Pool Profiles-Os Type
Terraform

Microsoft.ContainerService/managedClusters/agentPools

Node Image Version
Terraform
Os Type
Terraform

Transparent Data Encryption

Design Guidance:

Microsoft.ContainerService/managedClusters

Disk Encryption Set Id
Terraform

IP Whitelisting

Microsoft.ContainerService/managedClusters

Api Server Access Profile-Authorized Ip Ranges
Terraform

Deployment Security

Microsoft.ContainerService/managedClusters

Agent Pool Profiles-Orchestrator Version
Terraform

Microsoft.ContainerService/managedClusters/agentPools

Orchestrator Version
Terraform

Identification and Authentication

Design Guidance:

Microsoft.ContainerService/managedClusters

SSH-Public Keys
Terraform
Service Principal Profile-Client Id
Terraform
Service Principal Profile-Secret
Terraform

Subnet Isolation

Microsoft.ContainerService/managedClusters

Agent Pool Profiles-Enable Node Public Ip
Terraform
Agent Pool Profiles-Vnet Subnet Id
Terraform

Network Isolation and Segregation

Design Guidance:

Microsoft.ContainerService/managedClusters

Api Server Access Profile-Enable Private Cluster
Terraform

Microsoft.ContainerService/managedClusters/agentPools

Enable Node Public Ip
Terraform
Mode
Terraform
Vnet Subnet Id
Terraform

Information Systems Enforcing Network Access

Design Guidance:

Microsoft.ContainerService/managedClusters

Outbound Ips-Public Ips
Terraform
Network Profile-Network Policy
Terraform

Identity Lifecycle Management

Microsoft.ContainerService/managedClusters

Aad Profile-Admin Group Object Ids
Terraform
Aad Profile-Client App Id
Terraform
Aad Profile-Managed
Terraform
Aad Profile-Server App Id
Terraform
Aad Profile-Server App Secret
Terraform
Aad Profile-Tenant Id
Terraform

Utilize Role-based Access Control

Design Guidance:

Microsoft.ContainerService/managedClusters

Aad Profile-Enable Azure Rbac
Terraform
Enable Rbac
Terraform

Use Enterprise Accounts and Disable Local Accounts

Microsoft.ContainerService/managedClusters

Identity-Type
Terraform
Additional Properties-Client Id
Terraform
Additional Properties-Object Id
Terraform
Additional Properties-Resource Id
Terraform

Patch Management

Design Guidance:

Microsoft.ContainerService/managedClusters

Kubernetes Version
Terraform
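The following is an added example and is not code from this page or from Microsoft: one Terraform configuration that sets the managedClusters and agentPools properties listed in the sections above (Session Limits, Asset Inventory, High Availability, Hardening, Transparent Data Encryption, IP Whitelisting, Identification and Authentication, Subnet Isolation, Network Isolation, Network Access, Identity Lifecycle Management, RBAC, local accounts and Patch Management) to their hardened values. It uses the azurerm provider v3.x attribute names (v4 renames enable_auto_scaling to auto_scaling_enabled and enable_node_public_ip to node_public_ip_enabled) and assumes a configured azurerm provider block. Every resource name, subscription and object ID, subnet and disk encryption set ID, CIDR, SSH key path and Kubernetes version is a placeholder.

```hcl
# Added example (not the page's own code): a hardened AKS cluster using azurerm v3.x
# attribute names. Every name, ID, CIDR, key path and version below is a placeholder.
data "azurerm_client_config" "current" {}

locals {
  private_api_server = true       # false => public endpoint restricted by authorized_ip_ranges
  k8s_version        = "1.29.4"   # placeholder; pick a supported version from `az aks get-versions`
  nodes_subnet_id    = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aks-prod/providers/Microsoft.Network/virtualNetworks/vnet-prod/subnets/snet-aks-nodes"
  des_id             = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aks-prod/providers/Microsoft.Compute/diskEncryptionSets/des-aks"
  tags               = { env = "prod", owner = "platform-team" }   # Asset Inventory
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-prod-01"
  location            = "westeurope"
  resource_group_name = "rg-aks-prod"
  dns_prefix          = "aks-prod-01"
  kubernetes_version  = local.k8s_version   # Patch Management: pinned and upgraded deliberately
  tags                = local.tags

  # Network Isolation vs IP Whitelisting: AKS rejects authorized IP ranges on a private
  # cluster, so exactly one of the two controls is applied.
  private_cluster_enabled = local.private_api_server
  dynamic "api_server_access_profile" {
    for_each = local.private_api_server ? [] : [1]
    content {
      authorized_ip_ranges = ["203.0.113.0/24"]   # placeholder corporate egress range
    }
  }
  local_account_disabled = true   # Use Enterprise Accounts and Disable Local Accounts

  identity {   # Identification and Authentication: managed identity, no SP secret to rotate
    type = "SystemAssigned"
  }

  # Identity Lifecycle Management / Utilize RBAC: AKS-managed Entra ID with Azure RBAC
  role_based_access_control_enabled = true
  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    tenant_id              = data.azurerm_client_config.current.tenant_id
    admin_group_object_ids = ["00000000-0000-0000-0000-000000000000"]   # placeholder admin group
  }
  linux_profile {   # SSH Public Keys: key-based node SSH only, no password
    admin_username = "azureuser"
    ssh_key {
      key_data = file("~/.ssh/aks_nodes.pub")   # placeholder path
    }
  }
  disk_encryption_set_id = local.des_id   # Transparent Data Encryption: customer-managed key

  # Design for High Availability / Subnet Isolation: zonal, autoscaled system pool
  # with no public node IPs, in a dedicated subnet
  default_node_pool {
    name                         = "system"
    vm_size                      = "Standard_D4s_v5"
    vnet_subnet_id               = local.nodes_subnet_id
    zones                        = ["1", "2", "3"]
    enable_auto_scaling          = true
    min_count                    = 3
    max_count                    = 6
    max_pods                     = 50
    enable_node_public_ip        = false
    orchestrator_version         = local.k8s_version
    only_critical_addons_enabled = true   # CriticalAddonsOnly taint keeps workloads off this pool
    node_labels                  = { workload = "system" }
    tags                         = local.tags
  }

  network_profile {   # Information Systems Enforcing Network Access / Session Limits
    network_plugin    = "azure"
    network_policy    = "azure"   # NetworkPolicy objects are actually enforced
    load_balancer_sku = "standard"
    outbound_type     = "loadBalancer"
    load_balancer_profile {
      managed_outbound_ip_count = 1   # bounded, known egress IPs
      idle_timeout_in_minutes   = 4   # lowest value AKS accepts
    }
  }
}

# Workload pool: same isolation settings, plus a taint so only tolerating pods land here
resource "azurerm_kubernetes_cluster_node_pool" "apps" {
  name                  = "apps"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  mode                  = "User"
  os_type               = "Linux"
  vm_size               = "Standard_D4s_v5"
  vnet_subnet_id        = local.nodes_subnet_id
  zones                 = ["1", "2", "3"]
  enable_auto_scaling   = true
  min_count             = 2
  max_count             = 10
  enable_node_public_ip = false
  orchestrator_version  = azurerm_kubernetes_cluster.aks.kubernetes_version
  node_labels           = { workload = "apps" }
  node_taints           = ["workload=apps:NoSchedule"]
  tags                  = local.tags
}
```

Two points worth checking before relying on this. First, a private cluster and authorized IP ranges are mutually exclusive on AKS, which is why the example switches between them rather than setting both; disabling local accounts also requires the Entra ID integration shown, since otherwise there is no remaining way to authenticate. Second, the Auto Scaler Profile properties listed above map to an auto_scaler_profile block on the same resource (balance_similar_node_groups, max_graceful_termination_sec, scale_down_delay_after_add, scale_down_unneeded, scale_down_utilization_threshold, scan_interval and so on), omitted here for length. After terraform apply, the resulting settings can be read back with az aks show -g rg-aks-prod -n aks-prod-01 --query "{private:apiServerAccessProfile.enablePrivateCluster, ranges:apiServerAccessProfile.authorizedIpRanges, localAccounts:disableLocalAccounts, policy:networkProfile.networkPolicy}" -o json, which is a quick way to confirm the plan matched what the control plane actually recorded.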