
Last week, Microsoft released a new update that adds pod sandboxing support to its Azure Kubernetes Service (AKS). The new feature allows organizations to run modern applications on AKS in an isolated and secure environment.

Microsoft explained that it’s a standard practice to use Kubernetes for hosting and managing modern applications in cloud environments. However, one of the major drawbacks is that the service doesn’t provide robust support for multi-tenancy capabilities. This makes it impossible to host multiple customers or workloads within a single instance of Kubernetes. 

According to Microsoft, modern applications that are bundled together as containers use the same operating system. Each container works like a separate process running on the computer, which makes it challenging to keep the containers isolated from each other. This problem could be resolved by running each pod (a collection of containers) on a dedicated VM. However, this approach causes significant performance issues for customers.

To address this problem, Microsoft has developed a lightweight virtual machine (VM) infrastructure called Kata Containers. It’s compatible with Kubernetes and the container runtime interface (CRI) specifications. Microsoft explained that pods that target Kata Containers are treated by Kubernetes like all other containers. However, the process involves adding the containers to a lightweight virtual machine.
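The shared-kernel problem described above can be checked from a cluster's pod inventory. The following is an added example, not code from Microsoft or the original article: it reads a pod list in the shape of `kubectl get pods -A -o json` and reports nodes where pods from more than one tenant namespace run without a sandboxed runtime. It assumes one namespace per tenant and that pods target Kata through the standard Kubernetes `runtimeClassName` field; the runtime class name, the system namespace list and the sample data are assumptions.

```python
import json
from collections import defaultdict

# Assumption: RuntimeClass names that map to a Kata (VM-isolated) handler.
# Replace with the names defined in your cluster (kubectl get runtimeclass).
SANDBOXED_RUNTIME_CLASSES = {"kata-mshv-vm-isolation"}
# Assumption: namespaces operated by the platform rather than by a tenant.
SYSTEM_NAMESPACES = {"kube-system"}

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE_POD_LIST = json.loads("""
{"items": [
 {"metadata": {"namespace": "tenant-a", "name": "web"},
  "spec": {"nodeName": "node-1", "runtimeClassName": "kata-mshv-vm-isolation"}},
 {"metadata": {"namespace": "tenant-a", "name": "api"},
  "spec": {"nodeName": "node-1"}},
 {"metadata": {"namespace": "tenant-b", "name": "worker"},
  "spec": {"nodeName": "node-1"}},
 {"metadata": {"namespace": "tenant-a", "name": "batch"},
  "spec": {"nodeName": "node-2"}},
 {"metadata": {"namespace": "tenant-b", "name": "job"},
  "spec": {"nodeName": "node-2", "runtimeClassName": "kata-mshv-vm-isolation"}},
 {"metadata": {"namespace": "kube-system", "name": "coredns"},
  "spec": {"nodeName": "node-2"}},
 {"metadata": {"namespace": "tenant-c", "name": "pending"},
  "spec": {}}
]}
""")


def shared_kernel_nodes(pod_list, sandboxed=SANDBOXED_RUNTIME_CLASSES):
    """Return {node: [tenant namespaces]} for nodes where pods of more than
    one tenant run unsandboxed and therefore share the node's kernel."""
    tenants_on_kernel = defaultdict(set)
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        namespace = pod.get("metadata", {}).get("namespace", "default")
        node = spec.get("nodeName")
        if node is None or namespace in SYSTEM_NAMESPACES:
            continue  # not scheduled yet, or a platform component
        if spec.get("runtimeClassName") in sandboxed:
            continue  # pod runs inside its own lightweight VM
        tenants_on_kernel[node].add(namespace)
    return {node: sorted(ns) for node, ns in tenants_on_kernel.items()
            if len(ns) > 1}


if __name__ == "__main__":
    for node, tenants in shared_kernel_nodes(SAMPLE_POD_LIST).items():
        print(f"{node}: unsandboxed pods from {', '.join(tenants)}")
```
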