
End-to-end Security on AKS using Azure Application Gateway for Containers with Managed Cilium

Your AKS cluster is one wide-open port 80 away from disaster, and "namespace A talks to namespace B" is not a security policy. In this Microsoft Azure Infrastructure Summit 2026 session, Azure Networking product managers show how to slam the door shut on the entire kill chain - from public internet to a single pod - using only two AKS-managed add-ons: Application Gateway for Containers (AGC) as the L7 front door with Azure WAF, and Cilium L7 via Advanced Container Networking Services (ACNS) as an identity-aware filter on every pod's door.
Through a live demo on a single cluster, a single AGC public IP hosts three tenants (Contoso, Fabrikam, Adventure Works) routed via the Kubernetes Gateway API. Watch Azure WAF kill a malicious GET that ACNS would have forwarded, see Cilium synthesize 403s on POST/PUT/DELETE while letting safe GETs through, and learn to read the difference between an L7 403 and an L4 silent drop on east-west pod-to-pod traffic. The team also demonstrates default-deny egress stopping a compromised-style pod from phoning home to bing.com while still letting kube-dns resolve - all enforced by eBPF on the same node before the packet leaves the host.
The result is security as code, written in YAML, observable through Hubble and pre-built Grafana dashboards, and generally available today. If you are still bolting NGINX and AGIC together with external WAFs, this session is your exit ramp to a zero-trust AKS posture managed entirely by first-party Azure add-ons.

📢 Speakers
Vyshnavi Namani - Product Manager
Darshil Shah - Product Manager

💡 Key Takeaways
- AGC and ACNS Cilium L7 are AKS-managed add-ons that together deliver L7 ingress and identity-aware east-west micro-segmentation without bolting on NGINX, AGIC, or external WAFs.
- Azure WAF on AGC blocks malicious L7 payloads at the edge (the demo kills a SQLi-style GET) before traffic ever reaches a pod.
- Cilium L7 policies enforce method and path rules per pod, returning observable 403s for denied verbs instead of opaque L4 drops, which makes troubleshooting and auditing dramatically easier.
- The Kubernetes Gateway API hosts multiple tenants (Contoso, Fabrikam, Adventure Works) behind a single AGC public IP, cutting per-site infrastructure cost and clarifying ownership boundaries between platform and app teams.
- Default-deny egress with DNS-aware policies stops compromised pods from phoning home to arbitrary internet endpoints while preserving kube-dns and other approved traffic.
- eBPF enforcement happens on the same node before the packet leaves the host, so policies are fast, observable, and decoupled from sidecars.
- Observability ships in the box: ACNS includes Hubble plus pre-built Grafana dashboards that surface flow metrics even for pods not yet under L7 enforcement.
- Both Application Gateway for Containers and Advanced Container Networking Services are generally available today for production and enterprise workloads.
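The two enforcement patterns from the takeaways above (per-pod HTTP method and path rules returning 403s, and default-deny egress that still lets kube-dns resolve) can be expressed in one CiliumNetworkPolicy. This is an added illustration, not a manifest from the session or from the AGC/ACNS projects; the namespace, labels, port numbers and the external hostname are assumed values for the Contoso tenant.

```yaml
# Added example (not from the session). Applies to pods labelled app=contoso-api
# in the assumed "contoso" namespace. Because an ingress and an egress section are
# both present, Cilium denies all other ingress and egress for these pods.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: contoso-api-l7
  namespace: contoso
spec:
  endpointSelector:
    matchLabels:
      app: contoso-api
  ingress:
    # Only the Contoso front-end pods may call the API, and only with GET on /api/...
    # Other verbs (POST/PUT/DELETE) on this port get an L7 403 instead of an L4 drop.
    - fromEndpoints:
        - matchLabels:
            app: contoso-web
      toPorts:
        - ports:
            - port: "8080"          # assumed container port
              protocol: TCP
          rules:
            http:
              - method: "GET"
                path: "/api/.*"     # regex; anything outside /api/ is also 403
  egress:
    # Allow DNS to kube-dns so name resolution keeps working under default-deny.
    # The dns rule makes Cilium observe answers, which toFQDNs below relies on.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: "*"
    # The single approved external destination (assumed name); any other
    # outbound connection, e.g. a "phone home" to an arbitrary site, is dropped.
    - toFQDNs:
        - matchName: "api.partner.contoso.example"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Denied L7 requests show up in Hubble as HTTP flows with verdict DROPPED and a 403 response, while blocked egress to a non-allowed host appears as a dropped L4 flow, which is the distinction the session walks through.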

📖 Resources
- AKS security concepts https://learn.microsoft.com/azure/aks/concepts-security - Core security concepts for Azure Kubernetes Service clusters and workloads.
- Cluster security best practices for AKS https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security - Operator best practices for hardening AKS clusters end to end.
- Defender for Containers introduction https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction - Microsoft Defender for Cloud's container threat protection across runtime and registry.
- AKS workload identity overview https://learn.microsoft.com/azure/aks/workload-identity-overview - Federated workload identity for pods accessing Azure resources without secrets.
- Azure Kubernetes Service documentation https://learn.microsoft.com/azure/aks/ - Top-level AKS documentation covering networking, ingress, and Cilium-powered CNI.

Video "End-to-end Security on AKS using Azure Application Gateway for Containers with Managed Cilium" from the ITOpsTalk channel.