11. Network security in AKS
Securing a network is a critical activity in the protection of an application. The goal of a secure network is, on the one hand, to allow your users to connect to your applications and use all the functionalities you offer. On the other hand, you also need to protect your network from attackers. This means making sure that they cannot get access to critical parts of your network, and that even if they were to gain access, this would be limited.
When it comes to network security in AKS, there are two different layers to secure the network. The first is the control plane. The control plane refers to the managed Kubernetes master servers that host the Kubernetes API. By default, the control plane is exposed to the internet. You can secure the control plane either by limiting which public IP addresses can access it using a feature called Authorized IP ranges, or by deploying a private cluster, which means only the machines connected to your virtual...