The scripts in this repository implement a template for provisioning a password-protected App Service that proxies (via VNet Integration) to a pod running on Azure Kubernetes Service. The pod serves a static frontend (without anonymous cluster access). The frontend is kept on a Files Share and volume-mounted using a key kept in the Kubernetes secrets vault.
After running the create script, the app will be available at:
https://[PREFIX]app.azurewebsites.net/index.html
Note: RBAC is required for deployment of updated container images to the cluster.
- Network concepts for applications in Azure Kubernetes Service (AKS)
- Create an ingress controller in Azure Kubernetes Service (AKS)
- Integrate your app with an Azure Virtual Network
- Tutorial: integrate Functions with an Azure virtual network
- Restrict egress traffic for cluster nodes in Azure Kubernetes Service (AKS)
- Microsoft Security Blog: Threat matrix for Kubernetes
- Security risk analysis for Kubernetes resources (kubesec.io)
- Example recipes for Kubernetes Network Policies
- Using RBAC Authorization (kubernetes.io)
- HashiCorp Blog: Injecting Vault Secrets Into Kubernetes Pods via a Sidecar
- Pod Security Policies (kubernetes.io)
- Falco: Cloud-Native Runtime Security Threat Detection
- Audit your Kubernetes clusters against common security controls: kubeaudit
- Check whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark: kube-bench
- DZone Security: Implementing Aqua Security to Secure Kubernetes
- Advanced Persistence Threats: The Future of Kubernetes Attacks (RSA Conference)
- Scale out your Raspberry-Pi Kubernetes cluster to the cloud
- Scale out your Raspberry Pi Nomad cluster to the cloud
- Consul Service Mesh across a private Raspberry Pi and a public Cloud