Network Security Introduction
Securing your Azure Kubernetes Service (AKS) cluster begins with a solid network foundation. In this lesson, we’ll examine the main networking options in AKS—including CNI plugins and network policies—and how they shape your cluster’s security posture.
Lesson Agenda
We’ll explore:
- Virtual networks, subnets, Network Security Groups (NSGs), and User-Defined Routes (UDRs)
- Kubernetes CNI vs. Azure CNI
- Network policies in AKS
Part 1: Virtual Networks, Subnets, NSGs, and UDRs
In this section, we review the building blocks of Azure networking:
Component | Description |
---|---|
Virtual Network (VNet) | Provides an isolated, private network for your AKS cluster. |
Subnet | Segments a VNet into smaller address spaces for different workloads. |
Network Security Group (NSG) | Applies inbound/outbound traffic rules at the subnet or network interface level. |
User-Defined Route (UDR) | Overrides Azure’s default system routes to direct traffic through custom appliances or firewalls. |