AKS is the managed service from Azure for Kubernetes. When you create an AKS cluster, Azure creates and operates the Kubernetes control plane for you at no cost. The only thing you do as a user is to say how many worker nodes you’d like, plus other configurations we’ll see in this post. So, with that in mind, how can you improve the AKS cluster performance of a service in which Azure pretty much manages almost everything?

We are excited to announce the new security capabilities of Tigera Secure Enterprise Edition 2.4. This release enables enterprise security teams to extend their existing zone-based architectures and easily connect to external resources. The highlights include DNS Policies, Threat Defense, Compliance Dashboard and Reporting, and easier installation options.

In this blogpost we will demonstrate how to build a complete GKE security stack for anomaly detection and to prevent container runtime security threats. We will integrate Falco runtime security engine with Google Cloud Functions and Pub/Sub.

Today we are announcing the support for Windows containers with Kubernetes 1.14 in Preview mode. As many users may know, Rancher 2.1.0 supported Windows containers in experimental mode. Now that SIG Windows and Microsoft have announced the general availability of containers in Windows Server 2019 with Kubernetes 1.14, we have upgraded Rancher to both support the latest version of Windows containers (and Kubernetes) and after the preview is over, make it generally available.

Amazon ECS allows you to run Docker containers your application without having to actually manage physical hardware (or virtual hardware, in the case of the Fargate launch type). However, since it’s a managed service, you have less visibility with traditional monitoring tools. As such, it becomes even more important to take advantage of the available monitoring tools in AWS. In this post, we’ll explain how to use CloudWatch to monitor ECS and what is important to watch.

Recently, a member of the Falco community privately disclosed a capacity related vulnerability which, under circumstances where a malicious actor has already gained access to your system, could allow the actor to further bypass Falco’s detection of abnormal activity. The final details are still being worked out, but we believe the CVE will be classified as Medium severity according to the CVSS methodology.