Microsoft Showcases Use of Kata Containers for Pod Sandboxing, Zero Trust Environments on Azure Kubernetes Service (AKS) at OpenInfra Summit Vancouver

Kata Containers Community
Jun 14, 2023

At the OpenInfra Summit Vancouver today, Microsoft declared its love for open source.

Amar Gowda, product manager for Azure Confidential Computing, and Michael Withrow, product manager for Azure Kubernetes Service (AKS), took to the keynote stage to share how Microsoft loves using open source software to build and support its cloud-native offerings. A case in point is how Microsoft is leveraging Kata Containers, an OpenInfra project.

Kata Containers on AKS for Pod Sandboxing

Since February, Kata Containers has been available for early preview on AKS. “Kata VM Isolated Containers on AKS for Pod Sandboxing” has been extremely well-received by internal and external AKS customers. Early use cases include isolation of workloads in a shared host and running off-the-shelf untrusted containers. The tech stack comprises Microsoft Hypervisor, nested virtual machines (VMs), and Cloud-Hypervisor as Virtual Machine Manager (VMM).

Kata Confidential Containers for Zero Trust Operator Access on AKS

At KubeCon Amsterdam in April, Microsoft announced its intention to use Kata Containers and confidential containers in the development and maintenance of zero-trust environments within AKS. Confidential containers on AKS build on the same underlying technology stack that enables “Kata VM Isolated Containers on AKS for Pod Sandboxing” but use specific Azure confidential computing (ACC) VM sizes.

At the OpenInfra Summit today, Gowda and Withrow treated the keynote audience to the latest news on this front.

Briefly, Confidential Containers (CoCo) is now a Cloud Native Computing Foundation sandbox project built on top of Kata Containers and supported by contributions from Microsoft, Intel, IBM/Red Hat, AMD and Alibaba Cloud. The project aims to enable cloud-native confidential computing by leveraging Trusted Execution Environments (TEEs) to protect containers and data. CoCo essentially places your own Kubernetes administrator, the cloud operator and arbitrary code outside the trust boundary. Based on early previews, scenarios such as data clean rooms and multi-party computation are extremely popular use cases. The CoCo community expects the project will be of particular interest to market segments such as banking, healthcare, public sector, defense and government.

Gowda and Withrow announced that Kata Containers support in AKS is going into public preview soon.

To see the full keynote, check out the OpenInfra Foundation’s YouTube channel, and stay tuned for the recording of Gowda and Withrow’s session, “Zero trust architecture for containers with Kata and Confidential Computing”.
