Azure Kubernetes服务(AKS)托管群集的安全模型
[英]Security model of Azure Kubernetes Service ( AKS ) Managed Clusters
问题描述
What is the security model of AKS managed clusters ? 
AKS托管群集的安全模型是什么? Does AKS cluster of company A & B share common resources like VM etc ? A和B公司的AKS集群是否共享VM等通用资源? Please clarify. 请澄清。 Thanks all. 谢谢大家
2 个解决方案
解决方案1
1 2019-07-16 05:13:17
security doesnt really stop at the RBAC (as the other answer mentions) level, you'd also need to consider network security (can be achieved with network policies, but you'd need Azure CNI in AKS for that), resource quotas, pod permissions, etc. 安全性并没有真正停止在RBAC级别(如其他答案所述),您还需要考虑网络安全性(可以通过网络策略来实现,但为此需要AKS中的Azure CNI),资源配额,pod权限等
So there's a lot to consider here, with little gains. 因此,这里有很多要考虑的方面,但收效甚微。 You could also use agent pools and create a separate pool for each company using AKS and instruct them to use specific node selectors for their stuff, but I dont think you can enforce it at all. 您还可以使用代理程序池,并使用AKS为每个公司创建一个单独的池,并指示他们为它们的内容使用特定的节点选择器,但是我认为您根本不能执行它。
解决方案2
0 2019-07-16 13:27:22
If you refer to the internal AKS infrastructure, what can be said is that controller nodes run on a shared infrastructure owned by Azure but secured and isolated between customers. 如果您指的是内部AKS基础结构,则可以说是控制器节点在Azure拥有的共享基础结构上运行,但在客户之间是安全且隔离的。
Worker nodes are owned in full by the customer, but partly managed by Azure (during upgrades for example), so never shared between customers. 工作节点完全由客户拥有,但部分由Azure管理(例如在升级过程中),因此永远不会在客户之间共享。
To understand more I suggest you open an issue here: https://github.com/Azure/AKS/issues 要了解更多信息,建议您在此处打开一个问题: https : //github.com/Azure/AKS/issues
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.