A while back we moved to Azure Kubernetes Service for running the Hyperfish service. One of the advertised benefits we liked about AKS was that it was a managed service and that Microsoft would help us keep it in good working order. Late last week the value of this really hit home when I saw the following headline:
Kubernetes’ first major security hole discovered
It’s fair to say this freaked me out (significantly) and I immediately started to look into what we needed to do in order to secure our environments ASAP.
I went digging on twitter and found this very helpful gem from Gabe Monroy:
Azure just patched every Kubernetes cluster in our fleet to ensure customers remain secure. 🔒https://t.co/AOlMTLUqgc
— Gabe Monroy (@gabrtv) December 3, 2018
What a relief! I’m guessing that having people on the team who not only build and run AKS but also work on the Kubernetes project itself meant that Microsoft got the heads up about this vulnrability well before the CVE was published.
This is a fantastic example of why a managed service can help you running your applications with less manual effort. That said a managed service comes with a set of tradeoffs usually around flexilbity and control and so your particular requirments will dictate if you are able to take advantage of one.