Download PDF version
|
Internal |
Passing Juice |
Configure Liveness, Readiness and Startup Probes
|
External |
Passing Juice |
Container Lifecycle Hooks
|
External |
Passing Juice |
Horizontal Pod Autoscaler
|
External |
Passing Juice |
Kubernetes Event-driven Autoscaling (KEDA)
|
External |
Passing Juice |
Azure Key Vault Provider for Secret Store CSI Driver
|
External |
Passing Juice |
AKV2K8S
|
External |
Passing Juice |
Key Vault and flex volumes (Deprecated)
|
External |
Passing Juice |
Use pod identity
|
External |
Passing Juice |
Do not use Pod Identity v1 with kubenet !
|
External |
Passing Juice |
Namespaces
|
External |
Passing Juice |
Managing Compute Resources for Containers
|
External |
Passing Juice |
Take benefit of the Quality of Service
|
External |
Passing Juice |
Configure a Security Context for a Pod or Container
|
External |
Passing Juice |
Kubernetes YAML: Enforcing best practices and security policies
|
External |
Passing Juice |
13 Best Practices for Using Helm
|
External |
Passing Juice |
kube-score
|
External |
Passing Juice |
Checkov
|
External |
Passing Juice |
kubelinter
|
External |
Passing Juice |
SNYK 10 Docker Image Security Best Practices
|
External |
Passing Juice |
21 Best Practises in 2021 for Dockerfile
|
External |
Passing Juice |
Dockle
|
External |
Passing Juice |
Hadolint
|
External |
Passing Juice |
Introduction to Azure Defender for container registries
|
External |
Passing Juice |
Identify vulnerable container images in your CI/CD workflows
|
External |
Passing Juice |
Palo Alto CI/CD Integration (twistcli)
|
External |
Passing Juice |
Aquasec CI/CD Integration
|
External |
Passing Juice |
Qualys CI/CD Integration
|
External |
Passing Juice |
StackRox CI/CD Integration
|
External |
Passing Juice |
Clair CI/CD Integration
|
External |
Passing Juice |
Prisma Threshold enforcement
|
External |
Passing Juice |
AquaSec Proactive Risk Management
|
External |
Passing Juice |
Azure Built-In Policy
|
External |
Passing Juice |
Prisma Managing Compliance
|
External |
Passing Juice |
Aqua Image Assurance Policies
|
External |
Passing Juice |
StackRox Compliance
|
External |
Passing Juice |
Accelerate application modernization with Azure Migrate: App Containerization
|
External |
Passing Juice |
Kubernetes Deployment Strategies
|
External |
Passing Juice |
Updating images
|
External |
Passing Juice |
Azure Security Center : scanning feature (Qualys)
|
External |
Passing Juice |
Prisma (ex Twistlock)
|
External |
Passing Juice |
Aqua
|
External |
Passing Juice |
Anchore
|
External |
Passing Juice |
Use the Azure Policy : Ensure only allowed container images in AKS
|
External |
Passing Juice |
Using ImagePolicyWebhook
|
External |
Passing Juice |
Using egress lockdown and authorizing only the URL of your registry
|
External |
Passing Juice |
Prisma Runtime defense
|
External |
Passing Juice |
Aqua Runtime Policies Overview
|
External |
Passing Juice |
StackRox Threat Detection
|
External |
Passing Juice |
Falco
|
External |
Passing Juice |
ACR Quarantine
|
External |
Passing Juice |
Azure Container Registry roles and permissions
|
External |
Passing Juice |
Azure Container Registry Private Link
|
External |
Passing Juice |
Google distroless images
|
External |
Passing Juice |
Isolating cluster
|
External |
Passing Juice |
Isolating cluster
|
External |
Passing Juice |
Secure access to the API server using authorized IP address ranges
|
External |
Passing Juice |
AKS-managed Azure Active Directory integration
|
External |
Passing Juice |
Disable local accounts
|
External |
Passing Juice |
AKS System Pools
|
External |
Passing Juice |
Use managed identities in Azure Kubernetes Service
|
External |
Passing Juice |
Use FIPS-enabled node pool (preview)
|
External |
Passing Juice |
AKS CIS benchmark
|
External |
Passing Juice |
AKS architecture reference for PCI-DSS 3.2.1
|
External |
Passing Juice |
Set AKS auto-upgrade channel
|
External |
Passing Juice |
Limit cluster access via K8S RBAC for users & workloads
|
External |
Passing Juice |
Create a private cluster
|
External |
Passing Juice |
Use azure CLI to run command on a private cluster
|
External |
Passing Juice |
Use public DNS with a private cluster
|
External |
Passing Juice |
AKS Autoscaler
|
External |
Passing Juice |
Choosing a worker node size
|
External |
Passing Juice |
Choose the right storage type
|
External |
Passing Juice |
Automatically build new images on base image update
|
External |
Passing Juice |
Azure DevOps - Trigger pipeline from Docker image update
|
External |
Passing Juice |
Authenticate with Azure Container Registry from AKS
|
External |
Passing Juice |
Reduce latency with proximity placement groups
|
External |
Passing Juice |
Kubernetes KMS
|
External |
Passing Juice |
Use Azure Traffic Manager to route traffic
|
External |
Passing Juice |
Enable geo-replication for container images
|
External |
Passing Juice |
Create an AKS cluster across availability zones
|
External |
Passing Juice |
Plan for multiregion deployment
|
External |
Passing Juice |
Create a storage migration plan
|
External |
Passing Juice |
Backup, restore and migrate Kubernetes resources including state to another AKS cluster with Velero
|
External |
Passing Juice |
Azure Kubernetes Service (AKS) Uptime SLA
|
External |
Passing Juice |
Inter-pod affinity and anti-affinity
|
External |
Passing Juice |
Size the nodes for storage needs
|
External |
Passing Juice |
Dynamically provision volumes
|
External |
Passing Juice |
Secure and back up your data
|
External |
Passing Juice |
Remove service state from inside containers
|
External |
Passing Juice |
Kubenet vs CNI
|
External |
Passing Juice |
Plan IP addressing for your cluster
|
External |
Passing Juice |
Distribute ingress traffic
|
External |
Passing Juice |
Secure traffic with a web application firewall (WAF)
|
External |
Passing Juice |
Tutorial: only allow approved domain names as ingress hostnames
|
External |
Passing Juice |
Create an ingress controller to an internal virtual network
|
External |
Passing Juice |
Control traffic flow with network policies
|
External |
Passing Juice |
Calico
|
External |
Passing Juice |
Cillium
|
External |
Passing Juice |
Recipes of best default network policies
|
External |
Passing Juice |
Enforce resource quotas
|
External |
Passing Juice |
Resources quotas
|
External |
Passing Juice |
LimitRange
|
External |
Passing Juice |
Assign Memory Resources to container
|
External |
Passing Juice |
Plan for availability using pod disruption budgets
|
External |
Passing Juice |
Specifying a Disruption Budget for your Application
|
External |
Passing Juice |
Windows container version compatibility
|
External |
Passing Juice |
Limitations of Windows containers
|
External |
Passing Juice |
Understand pod lifecycle
|
External |
Passing Juice |
What network plug-ins are supported?
|
External |
Passing Juice |
How do patch my Windows nodes?
|
External |
Passing Juice |
Regularly update to the latest version of Kubernetes
|
External |
Passing Juice |
Use the auto-upgrade feature
|
External |
Passing Juice |
Azure Kubernetes Service (AKS) node image upgrades
|
External |
Passing Juice |
Process Linux node updates and reboots using Kured (not recommended because it can behave incorrectly in some cluster configurations like autoscaling)
|
External |
Passing Juice |
Use Event Grid to know when an upgrade is available
|
External |
Passing Juice |
Kured (KUbernetes REboot Daemon)
|
External |
Passing Juice |
Securely connect to nodes through a bastion host
|
External |
Passing Juice |
AKS Periscope
|
External |
Passing Juice |
kubestriker
|
External |
Passing Juice |
Kube-advisor by Alcide.io
|
External |
Passing Juice |
kubebench
|
External |
Passing Juice |
Azure Kubernetes Services integration with Security Center
|
External |
Passing Juice |
Azure Monitor for AKS
|
External |
Passing Juice |
Elastic Cloud
|
External |
Passing Juice |
Datadog
|
External |
Passing Juice |
Enable and review Kubernetes master node logs
|
External |
Passing Juice |
Configure scraping of Prometheus metrics
|
External |
Passing Juice |
Deploying ELK
|
External |
Passing Juice |
Solution for onboarding Kubernetes/AKS workloads onto Application Insights monitoring.
|
External |
Passing Juice |
Zero instrumentation application monitoring for Kubernetes hosted applications (deprecated)
|
External |
Passing Juice |
Azure Policies for AKS
|
External |
Passing Juice |
Gatekeeper
|
External |
Passing Juice |
The Definitive Guide to Securing Kubernetes
|
External |
Passing Juice |
Introduction to Azure Defender for Kubernetes
|
External |
Passing Juice |
Tutorial: Configure and run the Azure Key Vault provider for the Secrets Store CSI driver on Kubernetes
|
External |
Passing Juice |
Guide To GitOps
|
External |
Passing Juice |
What is Azure Arc enabled Kubernetes?
|
External |
Passing Juice |
Helm
|
External |
Passing Juice |
kubectl aliases
|
External |
Passing Juice |
kubectx
|
External |
Passing Juice |
k9s
|
External |
Passing Juice |
Recommended labels
|
External |
Passing Juice |