SUSE goes back to the future to secure containers with CaaS v4

SUSE has debuted the latest version of its CaaS container management platform, with a range of features to address user feedback on v3, as well as one it thought of entirely on its own.

The new version junks the previous approach of a SUSE Linux Enterprise Server variant called MicroOS, and instead is installed using SUSE’s unified installer “as an add-on to SUSE Linux Enterprise 15 SP1”. The firm said this was a response to requests to integrate deployment and management with the standard SUSE tool set. That said, the firm added “We will reintroduce the ability to leverage transactional updates in a future release, this time using the implementation in the standard operating system products.”

The latest version also gets Terraform templates for “rich automation of configuration of underlying clusters on private cloud platforms.” This approach will also be extended to public clouds.

The new version should also raise the cluster size limits of earlier releases. The firm said it had tested the platform with clusters of up to 250 nodes, and “we expect that, as we develop our public cloud deployment, we will be able to test on, and thereby confirm support of, much larger clusters.”

And v4 should be much more in sync with developments in the Kubernetes project itself, with a new version pledged within 90 days of each upstream Kubernetes version.

That covers the major requests from users. However, the firm is hoping to get ahead of customer demands by jacking up security. In its announcement of v4, it said that “one of the considerations that can slow adoption of microservices based application architectures is identical to one that slowed adoption of virtualized infrastructure over a decade ago: concerns about the security of the new technology.”

Its response is the addition of Cilium, which it said brings “network security enforcement”. Cilium is an open source project, which aims to bring visibility to the microservices layer, and “enforce both network-layer and application-layer security policies based on container/pod identity.”

Sticking with the VM comparison, SUSE says that Cilium could be thought of as the Open vSwitch of containers, “bringing complex and context-based network topologies to the world of containers, just as Open vSwitch did to the world of virtualized infrastructure”.

It added that “Cilium makes it possible to specify security policy not only in terms of IP addresses and ports, but also in terms of more application-related concepts such as DNS names and even Kubernetes labels, and to identify and secure traffic based on the actual layer 7 protocols (such as HTTP).”
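To make that description concrete, the following is an added example (not taken from the article, from SUSE, or from the Cilium documentation) of a single CiliumNetworkPolicy that uses all three of the mechanisms the quote lists: pod identity via Kubernetes labels, an egress rule keyed on a DNS name, and an HTTP layer 7 rule. The namespace `shop`, the `app` label values, the ports, the URL path and the hostname `payments.example.com` are assumed placeholders.

```yaml
# Added example, not from the original article. Placeholder names and ports.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-egress
  namespace: shop
spec:
  # Identity-based selection: the policy applies to every pod carrying
  # app=frontend, regardless of which IP address it happens to get.
  endpointSelector:
    matchLabels:
      app: frontend
  egress:
  # 1. Label-based peer plus an application-layer (HTTP) rule:
  #    frontend may only issue GET /v1/products... to pods labelled app=api.
  - toEndpoints:
    - matchLabels:
        app: api
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:
        - method: GET
          path: "/v1/products.*"
  # 2. DNS-name-based rule: HTTPS to an external host identified by FQDN,
  #    not by a hard-coded IP range.
  - toFQDNs:
    - matchName: payments.example.com
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
  # 3. DNS must be allowed explicitly (the policy is default-deny for
  #    selected pods once any egress rule exists), and routing it through
  #    Cilium's DNS proxy is what lets toFQDNs learn the host's addresses.
  - toEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": kube-system
        "k8s:k8s-app": kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      rules:
        dns:
        - matchPattern: "*"
```

Apply it with `kubectl apply -f` on a cluster running Cilium. Two practical caveats: as soon as a pod is selected by a policy with an egress section, anything not listed is dropped, so the DNS rule in the third block is not optional; and the HTTP and DNS rules are enforced by redirecting those flows through Cilium's layer 7 proxy, so a policy with `rules:` only behaves as described when that proxy is enabled in the Cilium installation.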

All this comes at a price though, and the firm admitted, “In order to make major architectural changes, we could not make SUSE CaaS Platform easily upgradeable in place from version 3 to version 4. We recommend that you deploy new clusters and migrate your workloads.”