Hey everyone! I'm looking for some guidance on setting up a secure and scalable infrastructure on Azure AKS. I've been working with Kubernetes for a bit and feel comfortable with the basics, but I'm getting a bit lost with the Azure-specific aspects. I'm particularly confused about a few points:
- The difference between Managed Identity and Service Principals in AKS
- How network policies differ from vanilla Kubernetes
- Best practices for node pool sizing and autoscaling on AKS
- Securing the cluster, including RBAC, Azure AD integration, and private clusters
- Which tools work well within the Azure ecosystem, like Flux or Defender for Containers
I've tried googling it, but most tutorials either start from zero knowledge or dive too deep into enterprise setups without the context I need. If you've built something similar or have good resources (like docs, courses, or YouTube channels), I'd really appreciate your help! Thanks in advance!
3 Answers
You should definitely start with the Microsoft Learn pages. They break down everything you need to know in a really clear way. There are also some specific docs on AKS baseline that can get you going.
Hey, also check out my book called 'The AKS Book.' It covers a lot of what you're asking about and provides good insights on AKS setup.
For networking, I recommend using Azure CNI overlay combined with Calico for network policies. And when it comes to security, Microsoft's AKS baseline reference architecture on GitHub has great resources. For scaling, consider looking into tools like Finopsly for forecasting costs before deploying new node pools.
Good call on Finopsly! It's super helpful for managing costs right from the start.
Totally agree! The AKS baseline reference is a goldmine for security best practices.