10. Securing your AKS cluster
"Loose lips sink ships" is a phrase that describes how easy it can be to jeopardize the security of a Kubernetes-managed cluster (Kubernetes, by the way, is Greek for helmsman, as in the helmsman of a ship). If your cluster is left open with the wrong ports or services exposed, or plain text is used for secrets in application definitions, bad actors can take advantage of this negligent security and do pretty much whatever they want in your cluster.
In this chapter, we will explore Kubernetes security in more depth. You will be introduced to the concept of role-based access control (RBAC) in Kubernetes. After that, you will learn about secrets and how to use them. You will first create secrets in Kubernetes itself, and afterward create a Key Vault to store secrets more securely. You'll finish this chapter with a brief introduction to service mesh concepts, and you'll be given a practical example to follow.
The following topics will be...