Container Platform Landing Zone

A Container Platform Landing Zone is a pre-configured infrastructure setup designed to support the deployment of containerized serverless applications. This landing zone is designed to provide a secure and compliant environment for running containerized workloads on Azure Kubernetes Service (AKS).

• container-platform - this is the Container Platform management group

Active Policies

Policy	Effect	Description	Rationale
Kubernetes cluster pod security baseline standards for Linux-based workloads	Audit	his initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy	This initiative enforces several security best practices for Kubernetes pods, such as running containers as a non-root user and not allowing privilege escalation. These practices help to minimize the attack surface of your Kubernetes workloads and protect against common security threats.

• CFMM container-platform-landing-zone
• Policy Set K8S-Security-Baseline

Compliance Statements

• Container Platform Landing Zone: Restricts the list of permitted Azure services in relation to container Container-Platform.