Microsoft's Azure Kubernetes Service Getting Bolstered by Isovalent's Security, Networking and Observability Solutions
Microsoft and Isovalent on Monday announced efforts to bring eBPF capabilities to Microsoft's Azure Kubernetes Service (AKS).
The various eBPF integrations with AKS appear to be mostly at the preview stage right now. However, one of them that has advanced is the option to use Isovalent's Cilium solution, which enables "eBPF-powered networking, observability and security."
Cilium will be coming to AKS via native integration with the Azure Container Networking Interface (CNI), Microsoft's announcement indicated. The Cilium addition is expected to reach the preview stage "early next year," per that announcement.
Additionally, the Isovalent Cilium Enterprise product will get offered at some point as a Kubernetes container app, available from the Azure Container Marketplace, Microsoft noted.
The Cilium and Azure IP Address Management (IPAM) integration opens up performance, troubleshooting and scalability benefits for AKS users, Isovalent contended:
Users of AKS will benefit from all advanced Cilium features including a high-performance eBPF datapath, a scalable network policy and Kubernetes services implementation, and rich observability & troubleshooting capabilities.
Microsoft, for its part, indicated the Cilium support would provide "the most performant and best-in-class container networking platform for our AKS customers," without needing to add custom configurations.
Under the partnership arrangement, Microsoft will offer "first-line support" for AKS, in consultation with Isovalent. The two companies also will collaborate on "joint testing, compatibility, and versioning checks."
Other Collaborative Efforts
There are other collaborative efforts between Microsoft and Isovalent. For instance, there's a Cilium Enterprise integration with Microsoft Sentinel, which is Microsoft's security information and event management platform.
Here's how Isovalent described it:
By integrating [Cilium] with Microsoft Sentinel, security teams gain extensive visibility into AKS clusters including rich connectivity data, TLS visibility, network security violations, encryption status, and compliance monitoring events.
Also getting integrated with Microsoft Sentinel is Isovalent's Tetragon, which offers security and runtime oversights via eBPF.
Isovalent's Hubble, used for observability and viewing data for troubleshooting purposes, is getting integrated with Azure services, as well as with the Azure Monitor portal. Hubble works with the Azure Identity service, and supports role-based access security controls based on Azure user roles.
A lot of Azure identity and metadata capabilities are getting supported in Hubble as well, which will help with AKS tracing.
"The Azure integration of Hubble will natively understand Azure identity and metadata such as names and labels of nodes, VPCs, network security groups, and so on," Isovalent explained.
What is eBPF?
eBPF is said to be an abbreviation that's no longer defined, according to the eBPF Foundation.
However, eBPF is described by Isovalent as "extended BPF" (with the BPF part remaining undefined). Isovalent described eBPF as having originated from the BSD community. eBPF offers a way to add capabilities to the Linux kernel that aren't in the kernel. Isovalent, which bills itself as having created eBPF, also characterized it as providing a secure "sandbox" for this added operating system functionality.
Per that 2021 announcement, Google has already brought eBPF to its Google Kubernetes Engine-based managed services. So, Microsoft is now just starting to join in such an effort with its AKS integration.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.