And if you want to deploy an image to a Docker instance and make it fault-tolerant, you would need to deploy it to every single one of the Docker containers yourself. This is where Kubernetes comes into play.

Kubernetes

Kubernetes (also known as k8s or “kube”) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications.

  • Service discovery and load balancing: Kubernetes can expose a container using a DNS name or using its own IP address. If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.
  • Storage orchestration: Kubernetes allows you to automatically mount a storage system of your choice, such as local storage, public cloud providers, and more.
  • Automated rollouts and rollbacks: You can describe the desired state for your deployed containers using Kubernetes, and it can change the actual state to the desired state at a controlled rate. For example, you can automate Kubernetes to create new containers for your deployment, remove existing containers and adopt all their resources to the new container.
  • Automatic bin packing: You provide Kubernetes with a cluster of nodes that it can use to run containerized tasks. You tell Kubernetes how much CPU and memory (RAM) each container needs. Kubernetes can fit containers onto your nodes to make the best use of your resources.
  • Self-healing: Kubernetes restarts containers that fail, replaces containers, kills containers that don't respond to your user-defined health check, and doesn't advertise them to clients until they are ready to serve.
  • Secret and configuration management: Kubernetes lets you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. You can deploy and update secrets and application configuration without rebuilding your container images, and without exposing secrets in your stack configuration.
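As an added example (not from the original post), here is a constructed Deployment plus Service manifest that wires up the features listed above: replicas and probes give self-healing and readiness gating, the RollingUpdate strategy gives controlled rollouts, resource requests drive bin packing, the database password comes from a Secret instead of the image, and the Service provides the DNS name and load balancing. The names, the image reference and the pre-existing Secret are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3                      # desired state: Kubernetes keeps three pods running
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate            # new versions roll out at a controlled rate and can be rolled back
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: myregistry.azurecr.io/web:1.0.0   # assumed image reference in a private registry
        resources:                 # CPU/memory sizing that drives automatic bin packing onto nodes
          requests:
            cpu: "250m"
            memory: "128Mi"
        env:
        - name: DB_PASSWORD        # secret injected at runtime, not baked into the image
          valueFrom:
            secretKeyRef:
              name: web-db-credentials   # assumed pre-existing Secret object
              key: password
        livenessProbe:             # self-healing: a container failing this check is restarted
          httpGet:
            path: /healthz
            port: 8080
        readinessProbe:            # the pod is not advertised to the Service until this passes
          httpGet:
            path: /ready
            port: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: web                        # service discovery: reachable in-cluster as DNS name "web"
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080               # traffic is load balanced across the ready pods only
```

Apply both objects with kubectl apply -f and a deliberately failing /healthz will show the restart count climbing while the Service keeps routing only to ready pods.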

So with Kubernetes you can automate the orchestration of the Docker images. The containers run inside pods, which are Kubernetes' own unit of deployment.

Components of Kubernetes

Azure Kubernetes Service

Back in 2017 Microsoft released AKS (Azure Kubernetes Service).

Azure Container Registry is a private registry service for building, storing, and managing container images and related artifacts. In this quickstart, you create an Azure container registry instance with the Azure portal. Then, use Docker commands to push a container image into the registry, and finally pull and run the image from your registry.

So with AKS a developer can keep the container images in the registry, run them through pipelines that do the compliance check, and then push the images to the clusters, which run Docker, for example.

And for this reason there is Defender for container registries, to protect the images from any harm.

Defender for container registries

Here is a nice picture that shows what happens when you enable the protection, and thus the monitoring.

High-level architecture of the interaction between Azure Security Center, Azure Kubernetes Service, and Azure Policy

And there is also Defender for Kubernetes, which covers the clusters rather than only the registries; which one you need really depends on your configuration and needs.

Azure Defender for Kubernetes - the benefits and features

Learn about the benefits and features of Azure Defender for Kubernetes.

And with this one you can go even further, with Azure Arc and on-premises deployments of Kubernetes.

Protect hybrid and multi-cloud Kubernetes deployments with Azure Defender for Kubernetes

Use Azure Defender for Kubernetes with your on-premises and multi-cloud Kubernetes clusters

Defender for Kubernetes is currently in Public Preview, so it's free and you shouldn't be using it in production, but it will be a nice feature when it comes out.

A high-level architecture diagram outlining the interaction between Azure Defender for Kubernetes and Azure Arc enabled Kubernetes clusters.

Availability

Release state: Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Required roles and permissions: Security admin can dismiss alerts; Security reader can view findings.

Pricing: Free (during preview).

Supported Kubernetes distributions: Azure Kubernetes Service on Azure Stack HCI; Kubernetes; AKS Engine; Azure Red Hat OpenShift; Red Hat OpenShift (version 4.6 or newer); VMware Tanzu Kubernetes Grid; Rancher Kubernetes Engine.

Limitations: Azure Arc enabled Kubernetes and the Azure Defender extension don't support managed Kubernetes offerings like Google Kubernetes Engine and Elastic Kubernetes Service. Azure Defender is natively available for Azure Kubernetes Service (AKS) and doesn't require connecting the cluster to Azure Arc.

Environments and regions: Availability for this extension is the same as Azure Arc enabled Kubernetes.

And this is why I love Microsoft products: they provide compliance, governance and security for the whole set of various solutions, and you can even use your Azure AD credentials in most of them.

What's new and coming

And there are at least seven new feature releases concerning Kubernetes in the Book of News.

Innovate from cloud to edge on your terms with Azure

The challenges of the past year revealed that serving and making a difference for each other, our communities, and the world around us is more critical than ever. In order to persevere and drive business success, organizations must be future-ready, build on their terms, operate hybrid seamless...

And a link to the whole book, nice reading.

Microsoft Inspire 2021 Book of News

The Book of News is a guide to all the key announcements made during Microsoft Inspire, July 14-15, 2021.

More to come as Microsoft Ignite is on its way November 2–4! Stay tuned and safe!

Microsoft Ignite

Microsoft Ignite | Microsoft’s annual gathering of technology leaders and practitioners delivered as a digital event experience this November.
