Cluster and application security

Familiarize yourself with Kubernetes security essentials and review the secure setup for clusters and application security guidance. Kubernetes security is important throughout the container lifecycle because of the distributed, dynamic nature of a Kubernetes cluster. Applications are only as secure as the weakest link in the chain of services that make up the application's security.

Plan, train, and proof

As you get started, the security essentials checklist and Kubernetes security resources below will help you plan for cluster operations and application security. By the end of this section, you'll be able to answer these questions:

  • Have you reviewed the security and threat model of Kubernetes clusters?
  • Is your cluster enabled for Kubernetes role-based access control?

Security checklist:

Deploy to production and apply Kubernetes security best practices

As you prepare the application for production, implement a minimum set of best practices. Use this checklist at this stage. By the end of this section, you'll be able to answer these questions:

  • Have you set up network security rules for ingress, egress, and intra-pod communication?
  • Is your cluster set up to automatically apply node security updates?
  • Are you running a security scanning solution for your cluster and container services?

Security checklist:

Optimize and scale

Now that the application is in production, how can you optimize your workflow and prepare your application and team to scale? Use the optimization and scaling checklist to prepare. By the end of this section, you'll be able to answer this question:

  • Can you enforce governance and cluster policies at scale?

Security checklist:

  • Enforce cluster governance policies. Apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. To learn more, see Control deployments with Azure Policy.

  • Rotate cluster certificates periodically. Kubernetes uses certificates for authentication with many of its components. You might want to periodically rotate those certificates for security or policy reasons. To learn more, see Rotate certificates in Azure Kubernetes Service (AKS).
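Rotating on a schedule is easier when you know how close each certificate is to expiry. The following shell helpers are an added example, not code from the AKS documentation: they check a PEM certificate's remaining validity with openssl, and the kubeconfig helper assumes kubectl is installed and that the current context stores the client certificate inline as client-certificate-data (as AKS-generated kubeconfigs do).

```shell
#!/bin/sh
# Added example (not part of the AKS documentation): decide whether a PEM
# certificate will still be valid for a given number of days, so that cluster
# certificate rotation can be scheduled before components fail to authenticate.
# Assumes openssl is on PATH; kubectl is only needed by kubeconfig_client_cert.

# Returns 0 if the certificate in $1 stays valid for at least $2 more days,
# 1 if it expires sooner (or has already expired).
cert_valid_for_days() {
  pem="$1"
  days="$2"
  # -checkend takes seconds and exits non-zero when the cert expires within them
  openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Human-readable summary: subject, expiry date, and whether rotation is due.
# The warning window defaults to 30 days (an assumed threshold, adjust to policy).
cert_report() {
  pem="$1"
  warn_days="${2:-30}"
  openssl x509 -in "$pem" -noout -subject -enddate
  if cert_valid_for_days "$pem" "$warn_days"; then
    echo "OK: valid for more than $warn_days days"
  else
    echo "ROTATE: expires within $warn_days days"
  fi
}

# Write the client certificate of the current kubeconfig context to the file $1.
# Assumption: the user entry carries client-certificate-data inline (base64 PEM).
kubeconfig_client_cert() {
  out="$1"
  kubectl config view --raw --minify \
    -o jsonpath='{.users[0].user.client-certificate-data}' | base64 -d > "$out"
}
```

Typical use against a live cluster is `kubeconfig_client_cert /tmp/client.pem && cert_report /tmp/client.pem 30`; the same `cert_report` works on any control-plane or node certificate you can export as PEM.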