Skip to main content
Securing your Azure Kubernetes Service (AKS) cluster begins with a solid network foundation. In this lesson, we’ll examine the main networking options in AKS—including CNI plugins and network policies—and how they shape your cluster’s security posture.

Lesson Agenda

The image is a presentation slide titled "Agenda" with three topics: Networking Options, Configuration Options, and Networking Policies, each accompanied by an icon.
We’ll explore:
  1. Virtual networks, subnets, Network Security Groups (NSGs), and User-Defined Routes (UDRs)
  2. Kubernetes CNI vs. Azure CNI
  3. Network policies in AKS

Part 1: Virtual Networks, Subnets, NSGs, and UDRs

The image shows a section titled "Networking Security" with a checkmark next to "Virtual Networks, Subnets, NSGs, and UDRs."
In this section, we review the building blocks of Azure networking:
ComponentDescription
Virtual Network (VNet)Provides an isolated, private network for your AKS cluster.
SubnetSegments a VNet into smaller address spaces for different workloads.
Network Security Group (NSG)Applies inbound/outbound traffic rules at the subnet or network interface level.
User-Defined Route (UDR)Overrides Azure’s default system routes to direct traffic through custom appliances or firewalls.

Watch Video