0
votes

What is the security model of AKS managed clusters ? Does AKS cluster of company A & B share common resources like VM etc ? Please clarify. Thanks all.

2
What do you mean exactly? You mean different companies as in different azure customers, each with their own azure subscription in which they both created an AKS cluster?Peter Bons
Any more update for the question? Please let me know it's helpful or not.Charles Xu

2 Answers

1
votes

security doesnt really stop at the RBAC (as the other answer mentions) level, you'd also need to consider network security (can be achieved with network policies, but you'd need Azure CNI in AKS for that), resource quotas, pod permissions, etc.

So there's a lot to consider here, with little gains. You could also use agent pools and create a separate pool for each company using AKS and instruct them to use specific node selectors for their stuff, but I dont think you can enforce it at all.

0
votes

If you refer to the internal AKS infrastructure, what can be said is that controller nodes run on a shared infrastructure owned by Azure but secured and isolated between customers.

Worker nodes are owned in full by the customer, but partly managed by Azure (during upgrades for example), so never shared between customers.

To understand more I suggest you open an issue here: https://github.com/Azure/AKS/issues