Secure Azure Kubernetes with Advanced Container Networking Services
The observability tools give you real-time data on network performance inside your AKS clusters, helping you spot performance problems early, with visualization tools that show how pods and services are connected and how they interact. The security side is FQDN filtering: network policies that name the external hosts a workload is allowed to reach, rather than listing their IP addresses, backed by a DNS proxy so that policy enforcement does not itself become a DNS-based point of failure. Observability runs on either data plane, but FQDN filtering requires a cluster on Azure CNI powered by Cilium, so if you are currently using Retina for observability on the non-Cilium data plane you will need to move to Cilium before you can use the security features in Advanced Container Networking Services.

Filtering egress by domain name makes sense in an orchestrator-driven environment such as Kubernetes. If you filter on IP addresses, you have to keep updating your allow lists as pods are rescheduled and as the addresses behind external services change. By expressing policy in terms of domain names, it is easier to control which hosts each workload may talk to, inside and outside AKS, and the resulting policies are easier to read than lists of IP addresses, so secops engineers can quickly spot errors and risks during review.
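As an added illustration (not from the original article, and not Microsoft's own sample), here is what an FQDN-based egress policy looks like as a CiliumNetworkPolicy, the object ACNS uses on an Azure CNI powered by Cilium cluster. The namespace `demo`, the label `app: frontend` and the hostnames are assumptions for the example. Note the first rule: the pods must be allowed to reach kube-dns on port 53 with a `dns` rule attached, because that is what lets the DNS proxy observe resolutions and learn which IPs the allowed names currently map to; without it the `toFQDNs` rule can never match and every egress connection is dropped.

```yaml
# Added example: a CiliumNetworkPolicy restricting egress by hostname.
# Names and labels are illustrative, not from the article.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress-by-fqdn
  namespace: demo
spec:
  endpointSelector:
    matchLabels:
      app: frontend
  egress:
  # Rule 1: allow DNS to kube-dns, and attach a DNS rule so the proxy
  # records the answers. Required for toFQDNs to work at all.
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: kube-system
        k8s-app: kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      rules:
        dns:
        - matchPattern: "*"
  # Rule 2: allow HTTPS only to the named hosts. IPs are resolved and
  # refreshed by the proxy, so nothing here changes when the backend moves.
  - toFQDNs:
    - matchName: "api.example.com"
    - matchPattern: "*.blob.core.windows.net"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Because no other egress rule is present, anything not listed (including plain-IP connections that bypass DNS) is denied for the selected pods, which is the behaviour you want when reviewing this policy for gaps: the only question a reviewer has to ask is whether each listed name should be reachable.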

Although ACNS is still in preview, it already adds enough to be worth evaluating as part of your AKS infrastructure. With its mix of security and platform tooling, it is likely to become a standard component of an Azure cloud-native environment.
