Amazon EKS clusters – Onboarding Containers
At the time of writing this chapter, Defender for Containers support for Amazon EKS clusters is a preview feature. To receive the full protection offered by Microsoft Defender for Containers, the following components are needed:
- Kubernetes audit logs
- Azure Arc-enabled Kubernetes
- The Defender extension
- The Azure Policy extension
To understand the full concepts and updated information, read the Microsoft documentation (https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-architecture?tabs=defender-for-container-arch-eks#architecture-diagram-of-defender-for-cloud-and-eks-clusters).
Figure 7.3 – Architecture diagram of Defender for Cloud and Amazon EKS cluster (source: Microsoft)
Google Cloud GKE cluster
At the time of writing this chapter, Defender for Containers support for GKE clusters in a connected GCP project is a preview feature. To receive the full protection offered by Microsoft Defender for Containers, the following components are needed:
- Kubernetes audit logs
- Azure Arc-enabled Kubernetes
- The Defender extension
- The Azure Policy extension
To understand the full concepts and updated information, read the Microsoft documentation (https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-architecture?tabs=defender-for-container-arch-eks#architecture-diagram-of-defender-for-cloud-and-eks-clusters).
Figure 7.4 – Architecture diagram of Defender for Cloud and GKE cluster (source: Microsoft)
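The two component lists above (for EKS and for GKE) map onto a handful of CLI steps. The following script is an added example, not code from the book or from Microsoft: it enables control-plane audit logging on an EKS cluster with the AWS CLI, connects the cluster (assumed to be the current kubectl context) to Azure Arc, installs the Defender and Azure Policy extensions, and checks their provisioning state. The cluster name, resource group and regions are hypothetical placeholders; the Azure CLI commands are the documented `az connectedk8s` and `az k8s-extension` commands. The EKS audit-log step is the only EKS-specific part; the GKE side and how Defender for Cloud collects the forwarded logs are outside this example.

```shell
#!/bin/sh
# Added example (not from the book): onboard an Amazon EKS cluster that is the
# current kubectl context to Azure Arc and install the extensions the chapter
# lists. Names below (eks-demo, rg-defender-demo, regions) are placeholders.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes it with a
# logged-in az and aws CLI.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Component 1 (EKS only): Kubernetes audit logs. EKS does not ship
# control-plane audit logs unless cluster logging is switched on.
eks_enable_audit_logs() {
  run aws eks update-cluster-config --name "$1" --region "$2" \
    --logging '{"clusterLogging":[{"types":["audit"],"enabled":true}]}'
}

# Component 2: Azure Arc-enabled Kubernetes. Registers the current kubectl
# context as a connectedClusters resource in the given resource group.
arc_connect() {
  run az connectedk8s connect --name "$1" --resource-group "$2" --location "$3"
}

# Component 3: the Defender extension.
defender_extension() {
  run az k8s-extension create --name microsoft.azuredefender.kubernetes \
    --cluster-type connectedClusters --cluster-name "$1" --resource-group "$2" \
    --extension-type microsoft.azuredefender.kubernetes
}

# Component 4: the Azure Policy extension.
policy_extension() {
  run az k8s-extension create --name azurepolicy \
    --cluster-type connectedClusters --cluster-name "$1" --resource-group "$2" \
    --extension-type Microsoft.PolicyInsights
}

# Check: an extension is healthy when provisioningState reports Succeeded.
extension_state() {
  run az k8s-extension show --name "$3" --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" --query provisioningState -o tsv
}

# Whole onboarding sequence: cluster, resource group, Azure region, AWS region.
onboard_eks() {
  eks_enable_audit_logs "$1" "$4"
  arc_connect "$1" "$2" "$3"
  defender_extension "$1" "$2"
  policy_extension "$1" "$2"
  extension_state "$1" "$2" microsoft.azuredefender.kubernetes
  extension_state "$1" "$2" azurepolicy
}

onboard_eks eks-demo rg-defender-demo eastus us-east-1
```

Run it once with the default dry run to review the six commands, then with `DRY_RUN=0` from a shell whose kubectl context points at the EKS cluster. After a few minutes, both `extension_state` calls should print `Succeeded`; anything else means the cluster is not yet sending audit and configuration data to Defender for Containers.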
Once containers are onboarded, Defender for Containers receives and analyzes the following information to protect Kubernetes containers:
- Audit logs and security events from the API server
- Cluster configuration information from the control plane
- Workload configuration from Azure Policy
- Security signals and events from the node level
Now that you understand the architecture of Kubernetes clusters protected by Microsoft Defender for Containers, let us look at how the onboarding of Kubernetes clusters works.
Enabling Microsoft Defender for Containers for Kubernetes clusters
Microsoft Defender for Containers is the cloud-native solution, delivered through Microsoft Defender for Cloud, for securing your Kubernetes clusters.
Let us now understand how it works in the case of Azure Kubernetes clusters.