📄️ Workload Identity
Workloads deployed on an Azure Kubernetes Service (AKS) cluster require Microsoft Entra application credentials or managed identities to access Microsoft Entra-protected resources, such as Azure Key Vault and Microsoft Graph. Microsoft Entra Workload ID integrates with the capabilities native to Kubernetes to federate with external identity providers.
📄️ Signing a Container Image with Notation and Azure Key Vault
Container Secure Supply Chain
📄️ Securing AKS Applications with ACR Continuous Patching
📄️ Pod Sandboxing
Pod Sandboxing on AKS, currently in Public Preview, provides an isolation boundary between the container application and the shared kernel and compute resources of the container host, such as CPU, memory, and networking.
📄️ Azure Linux with OS Guard
Azure Linux with OS Guard on AKS, currently in Public Preview, is a hardened, immutable variant of Azure Linux for AKS. Built on the FedRAMP-certified Azure Linux 3.0 base and its sovereign supply chain, it adds kernel and runtime features that enforce immutability, code integrity and mandatory access control.