Secure Kubernetes Services on Azure

Learn how to configure the Azure plugin on Panorama to manage VM-Series firewalls in AKS deployments.
To secure Azure Kubernetes services, you must first install the Azure plugin on Panorama and configure an Azure auto scaling deployment. The Azure plugin for Panorama supports tag-based VM monitoring and auto scaling, secures inbound traffic for Azure Kubernetes Services (AKS) clusters, and monitors outbound traffic from AKS clusters. The auto scaling templates allow you to leverage Azure auto scale metrics and the scale-in and scale-out thresholds to manage surges in demand for application workload resources by independently scaling the VM-Series firewalls.
To secure inbound traffic for your AKS cluster, you must first configure an Azure auto scaling deployment. The Palo Alto Networks Azure auto scaling templates work with Azure services and components to gather information about your network and resources, then create an auto-scaling tier of VM-Series firewalls for either greenfield or brownfield deployments. See the Palo Alto Networks Compatibility Matrix, to verify the minimum OS, plugin, and template versions required to secure AKS clusters.
Palo Alto Networks provides an AKS template that deploys an Azure Kubernetes Service (AKS) cluster in a new Azure VNet. The Azure plugin on Panorama helps you set up a connection which can monitor Azure Kubernetes cluster workloads, harvesting services you have annotated as “internal load balancer” and creating tags you can use in dynamic address groups. You can leverage Panorama dynamic address groups to apply security policy on inbound traffic routed to services running on your AKS cluster.

Recommended For You