Azure Kubernetes Service

Azure Kubernetes Service

Zone Failover / HA

Yes

• https://learn.microsoft.com/en-us/azure/aks/availability-zones

Regional Failover / HA

Manually, not automatically through cloud provider.
While technically doable, no different than manually deploying a new application stack in another region.

• https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region

Encryption at Rest

Host based encryption allows for data and cache stored at rest by platform or customer managed keys.
Defaults to server side encryption at rest

• https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption

Encryption in Transit

Prefect application based requires SSL / TLS.
SSL / TLS can be optionally configured within the cluster, but is not native to AKS.
Istio is used for kubernetes service mesh, and can be configured for intra-cluster encryption.

Compliance and Security Controls

• https://learn.microsoft.com/en-us/azure/aks/security-controls-policy