Once you have onboarded your on-premises or other cloud’s Kubernetes cluster to Azure, you can use Azure services centrally. A brief description of these services is provided below.
GitOps is a method of deploying and managing applications using Git as a source of truth for declarative infrastructure and applications. It involves using Git to store declarative definitions of your infrastructure and applications and using automated tools to ensure that the actual infrastructure and applications match the desired state defined in Git.
By combining Azure Arc–enabled Kubernetes with GitOps, you can use Git as the source of truth for your Kubernetes clusters, allowing you to manage and deploy your applications consistently across different environments using a single control plane and a set of automated tools.
By using Azure Monitor with Azure Arc–enabled Kubernetes, you can gain valuable insights into the performance and availability of your clusters and applications and take proactive measures to optimize their performance and availability.
Azure Policy is a service in Azure that helps you manage and enforce compliance standards across your Azure resources. You can use Azure Policy to define rules and policies that implement specific compliance standards or best practices and automatically enforce those rules and policies across your Azure resources.
You can use Azure Policy with Azure Arc–enabled Kubernetes to ensure compliance for your Kubernetes clusters and their applications. For instance, you can use Azure Policy to enforce security standards, such as requiring all images in your clusters to be scanned for vulnerabilities or to ensure that your clusters meet specific regulatory or compliance requirements.
Security: Azure Sentinel and Azure Defender
Azure Sentinel is a cloud-native security information and event management (SIEM) platform that helps you detect, investigate, and respond to threats across your organization. Azure Sentinel uses AI/ML to analyze data from multiple sources (including Azure resources, on-premises resources, and third-party solutions) to identify potential threats and anomalies.
Azure Defender is a security solution that provides advanced threat protection for Azure and non-Azure resources via Azure Arc.
You can use Azure Sentinel and Azure Defender with Azure Arc–enabled Kubernetes to help secure your Kubernetes clusters and the applications running on them. For example, you can use Azure Sentinel to monitor your clusters for potential security threats, such as unauthorized access or malicious activity, and use Azure Defender to protect against threats, such as SQL injection attacks or unauthorized access to Key Vaults.
Identity and Access Management
Azure Arc–enabled Kubernetes provides several features to help you manage identity and access for your Kubernetes clusters and their applications.
One key feature is Azure Active Directory (Azure AD) integration, which allows you to use Azure AD to manage identities and access your clusters. Azure AD can define roles and permissions for your users and groups and enforce access control policies for your clusters.
Another feature is integration with Azure Private Link, which allows you to securely access your clusters from your on-premises networks or other cloud providers using a private network connection.
Additionally, Azure Arc–enabled Kubernetes supports integration with Azure Managed Identities, allowing you to use managed identities for your applications and services rather than manually managing and rotating credentials. This reduces the risk of security breaches due to compromised credentials.