Managed Kubernetes and security

Almost a sponsored post today, or better : a shared announcement.

You probably know that I am following Kubernetes rather closely, especially managed Kubernetes services (AKS, EKS or Openshift for example). One domain where these offerings have been lacking is network and security.

It is still a very sensitive subject for our customers, for containers related project, and still for public cloud projects. Security and networking teams have trouble adapting to the public cloud paradigms and architectures. There some fear of loss of control, some base fear of the unknown, and some real worry about how to handle networking and security.
Kubernetes (and the other orchestrators) adds another abstraction layer on top of the existing public cloud platforms, which does nothing to alleviate fear, to say nothing about complexity and transparency.

There are some very good solutions out there to manage network overlays into Kubernetes. My favourite is Calico, but you may like any of those. I’ll stick with Calico for a simple reason, which you will see below.

Microsoft and AWS are both working hard to provide a network overlay into their managed Kubernetes offering. They each chose their own path, but we will get to approximately the same point in a short time.

Thanks to Jean Poizat, we have the two announcements.
1) From Calico for Azure : https://www.tigera.io/tigera-calico-coming-to-azure-kubernetes-service-aks/
2) For AWS : https://itnext.io/kubernetes-is-hard-why-eks-makes-it-easier-for-network-and-security-architects-ea6d8b2ca965

The summary is that Calico will be integrated into AKS in a few weeks/months, and EKS will include AWS CNI.
And that is exactly what we were waiting for, along with our customers : managed Kubernetes, with security!

Leave a Reply