I was excited to be in Seattle today for Microsoft’s “ultimate annual developer event”, Build, and participate in a session entitled “Why Kubernetes on Azure?”, together with Gabe Monroy, the Principal Program Manager for Containers at Microsoft Azure.
We saw not only that Calico is the ‘gold standard’ implementation of that API, but Tigera provides a set of capabilities that go beyond basic policy to address enterprise-class security requirements
— Gabe Monroy, Principal Program Manager for Containers, Microsoft Azure
The big news from this session is that Microsoft has committed to bringing support for robust network security to Azure Kubernetes Service (AKS). Partnering with Tigera to integrate Calico as an “out of the box” feature of AKS, Microsoft is underscoring its commitment to provide its customers with enterprise-class security as a native feature of the Azure platform.
Moreover, with tight integration between Calico and the Azure Container Networking Interface (CNI) plug-in, users will get the best of both worlds: high performance, VNET-native networking from the Azure SDN, with Calico’s container-native policy enforcement tightly integrated with Kubernetes.
“It was clear that a production-grade managed Kubernetes platform had to include support for the Network Policy API as a minimum for robust network security,” said Gabe Monroy. “As we examined a number of potential solutions, we saw not only that Calico is the ‘gold standard’ implementation of that API, but Tigera provides a set of capabilities that go beyond basic policy to address enterprise-class security requirements.”
Tigera Secure, built on Calico technology, will also be available for AKS users. Adding enterprise control and compliance features, Tigera Secure is an ideal option for teams needing the hierarchical access controls, monitoring, alerting and auditing capabilities essential to meet security audit requirements. Tigera also supports a practical path towards a ‘zero trust’ security model including integration with Istio/Envoy-based service mesh for application layer policy.