📄️ Workload Identity
Workloads deployed on an Azure Kubernetes Services (AKS) cluster require Microsoft Entra application credentials or managed identities to access Microsoft Entra protected resources, such as Azure Key Vault and Microsoft Graph. Microsoft Entra Workload ID integrates with the capabilities native to Kubernetes to federate with external identity providers.
📄️ Signing a Container Image with Notation and Azure Key Vault
Container Secure Supply Chain
📄️ Securing AKS Applications with ACR Continuous Patching
Securing AKS Applications with ACR Continuous Patching
📄️ Pod Sandboxing
Pod Sandboxing on AKS, currently in Public Preview, provides an isolation boundary between the container application and the shared kernel and compute resources of the container host such as CPU, memory, and networking.