{"id":226,"date":"2023-06-20T16:46:00","date_gmt":"2023-06-20T16:46:00","guid":{"rendered":"http:\/\/blog.firatyasar.com\/?p=226"},"modified":"2024-03-17T16:49:48","modified_gmt":"2024-03-17T16:49:48","slug":"azure-kubernetes-serviceteki-aks-uygulamalar-ve-cluster-icin-guvenlik-kavramlari","status":"publish","type":"post","link":"https:\/\/blog.firatyasar.com\/?p=226","title":{"rendered":"Security Concepts for Applications and Clusters in Azure Kubernetes Service (AKS)"},"content":{"rendered":"\n<p>When using Azure Kubernetes Service (AKS), security requires a comprehensive approach. This article covers the security concepts for your applications and clusters in AKS in detail, from build security through to application security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"936\" height=\"468\" src=\"\/wp-content\/uploads\/2024\/03\/image-4.png\" alt=\"\" class=\"wp-image-227\" srcset=\"\/wp-content\/uploads\/2024\/03\/image-4.png 936w, \/wp-content\/uploads\/2024\/03\/image-4-300x150.png 300w, \/wp-content\/uploads\/2024\/03\/image-4-768x384.png 768w, \/wp-content\/uploads\/2024\/03\/image-4-660x330.png 660w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><\/figure>\n\n\n\n<p><strong>Build Security<\/strong><\/p>\n\n\n\n<p>A secure supply chain covers the build environment and the registry. Static analysis of image builds for vulnerability and compliance assessment is essential. Even when a vulnerability is found that interrupts the development process, the analysis performed at this stage gives development teams access to actionable information. 
This buys developers time for segmentation by specific vulnerabilities and for fixing potential issues at an early stage.<\/p>\n\n\n\n<p><strong>Registry Security<\/strong><\/p>\n\n\n\n<p>Registry security includes vulnerability assessment of images and identifies images that did not come from the build environment. Images signed using Notary V2 ensure that deployments come from a trusted source.<\/p>\n\n\n\n<p><strong>Cluster Security<\/strong><\/p>\n\n\n\n<p>AKS provides the main Kubernetes components as a managed service. Each AKS cluster runs in an isolated environment and hosts the core Kubernetes components. Authorized IP ranges or private network configurations can be used to limit access to the Kubernetes API server. In addition, access control can be enforced with Kubernetes role-based access control (RBAC) and Azure RBAC.<\/p>\n\n\n\n<p><strong>Node Security<\/strong><\/p>\n\n\n\n<p>AKS nodes are Azure virtual machines and are automatically deployed with operating system security updates. Linux and Windows nodes are supported, and both are hardened for security. 
Node authorization protects against East-West attacks and is enabled by default.<\/p>\n\n\n\n<p><strong>Network Security<\/strong><\/p>\n\n\n\n<p>AKS offers several methods for securing the network. Kubernetes network policies can be used to limit network traffic between pods. Azure network security groups are used to manage traffic flow between VMs and pods. In addition, Kubernetes ingress controllers and Azure&#8217;s virtual network features allow more detailed network security policies to be applied.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/www.panoptica.app\/wp-content\/uploads\/2022\/10\/Asset-1@2x-1.png\" alt=\"Cisco Panoptica Kubernetes Security for Cloud-Native Applications -  Panoptica Kubernetes Security-Panoptica\"\/><\/figure>\n\n\n\n<p><strong>Application Security<\/strong><\/p>\n\n\n\n<p>Microsoft Defender for Containers can be used to improve the security of your applications in AKS. It helps detect vulnerabilities in your applications and protect against them. Application security includes continuous scanning and patching.<\/p>\n\n\n\n<p><strong>Kubernetes Secrets<\/strong><\/p>\n\n\n\n<p>Kubernetes secrets let you inject sensitive data into pods securely. This keeps information such as access credentials or keys secure. Secrets are provided at the moment pods need them and are not written to disk. 
Securing AKS requires an end-to-end approach. The security concepts covered in this article provide the foundations to help you build a secure Kubernetes environment. To build more secure applications and clusters, it is important to apply these concepts comprehensively.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When using Azure Kubernetes Service (AKS), security requires a comprehensive approach. This article covers the security concepts for your applications and clusters in AKS in detail, from build security through to application security. Build Security A secure supply chain covers the build environment and the registry. Static analysis of image builds for vulnerability and compliance assessment is essential. 
Development\u2026 <span class=\"read-more\"><a href=\"https:\/\/blog.firatyasar.com\/?p=226\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":228,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[71,67,68,66,70,69],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/226"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=226"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions"}],"predecessor-version":[{"id":229,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions\/229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/media\/228"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}