Yesterday Microsoft dropped a bombshell in containersphere, announcing Azure Container Instances, or ACI.
ACI is a natural step in the evolution of cloud-native containers - it’s a way to run and consume containers directly in Azure, with no provisioning of VMs needed. This means that customers no longer have to spin up a VM in order to run containers on it, which is more efficient and scalable, and also allows leveraging Azure’s RBAC directly to govern access to containers.
With VMs gone, however, so goes the confidence of isolating workloads from each other, something many adopters of containers use today as a security layer. In fact, customers wouldn’t know where their containers are running. This make runtime protection of containers even more cardinal.
Another big change that ACI brings is that Microsoft released as open-source a connector to run ACIs directly from Kubernetes. This connector is actually an implementation of (ready for another 3-letter acronym?) CRI - the Container Runtime Interface of Kubernetes. It originated as a project led by OpenShift but was adopted by the K8S community.
CRI allows you to run containers using different container engines (not necessarily Docker Engine). For example, RKT (CoreOS’s engine) can run seamlessly over Kubernetes - earning it the nickname rktnetes.
At Aqua we’ve been adjusting our runtime controls instrumentation to handle CRI so we can provide the same level of protection to any CRI container as we have been to Docker Engine -based environments, including both monitoring and granular prevention of unauthorized activities such as file, executable or network access.
With OpenShift, CoreOS, and now Azure supplying CRI connectors for Kubernetes, we’re ready to take the plunge. If you’re interested in joining our private beta of runtime security for CRI based containers - let us know!
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.