

Challenges of Container Vulnerability Management

In the dynamic landscape of modern application development, containers have emerged as the cornerstone of microservices, revolutionizing the way software is deployed and managed. However, as we celebrate the agility and efficiency brought by containers, a critical concern looms large in the background: the chaotic state of vulnerability management within the container ecosystem. Several noteworthy challenges persist:

  • Current-generation container vulnerability scanners lack contextual considerations and actionable suggestions, posing difficulties in effectively addressing and resolving vulnerabilities.

  • Security teams, accustomed to traditional methods, face challenges in adapting to container security, where the absence of clear context and mitigation measures complicates the resolution of issues.

  • Open source container projects exhibit inconsistent practices in disclosing vulnerabilities and providing information about fixed versions, further complicating the task of maintaining a secure environment.

AKS v1.28 Clusters using Rafay

Our recent release update in Jan to our Preview environment adds support for a number of new features and enhancements. We will write about the other new features in separate blogs. This blog is focused on our turnkey support for AKS v1.28.

This version of AKS has been Generally Available (GA) since Nov 2023 and goes end of life in Nov 2024, i.e. with a 12-month support runway.

Both new cluster provisioning and in-place upgrades of existing AKS clusters are supported.

This release will be promoted from Preview to Production in a few days and will be made available to all customers.


Declarative configuration for Cluster Overrides

Cluster overrides

By default, K8s objects require certain values to be set inside their specs that match the cluster's configuration. If this were done within the add-on (or workload) manifest, many duplicate add-ons (or workloads) would need to be created for a fleet of clusters. To mitigate this, the platform supports cluster overrides. These allow the customer to use a single add-on (or workload) org-wide and dynamically inject values into a manifest as it is being deployed to the cluster.

Examples include:

  • Use of a different license key for a security tool based on the business unit

  • Configuration of different resource requests for a monitoring tool based on environment type (test or prod)

  • Dynamic configuration of cluster name during deployment of a load balancer (e.g. AWS Load Balancer)

Bare Metal Replication And Virtualization Environment (BRAVE)

BRAVE (Bare Metal Replication And Virtualization Environment) offers a virtual, cost-efficient, convenient, automated and on-demand tool for executing use cases requiring bare metal infrastructure.

The cost and complexity of bare metal deployments can be prohibitive for a number of non-production use cases such as:

  • Creating on-demand labs for conducting quick proof of concepts, demonstrations or experiments
  • Creating testbed environments for development, debugging and automated testing
  • Performing comprehensive architectural and security assessments through construction of proof of concept deployments.

In-place Upgrades to Amazon EKS v1.28 Clusters using Rafay

In our recent release, we added support for in-place upgrades of EKS clusters based on Kubernetes v1.28.

Our customers have shared with us that they would like to provision new EKS clusters using new Kubernetes versions so that they do not have to plan/schedule for Kubernetes upgrades for these clusters right away. As a result, we generally introduce support for new cluster provisioning for the new Kubernetes version first and then follow up with support for zero touch in-place upgrades.


Organizations that wish to perform sophisticated checks for API deprecation, etc. are strongly recommended to use Rafay's Fleet Operations for Amazon EKS.

Infrastructure Templates for Generative AI on AWS

We constantly hear from our customers about wanting their developers to experiment with Generative AI. No organization wants to be left behind and they are all trying to find ways to empower their developers and application teams to be able to experiment with use cases powered especially by Generative AI.

According to recent Gartner research, more than 80% of enterprises will have used Generative AI APIs or deployed Generative AI-enabled applications by 2026.

We have been listening to our customers and are happy to announce Rafay's Templates for AI & Generative AI. Platform teams can now provide their developers with a self-service experience for Gen AI infrastructure, enabling developers to experiment with new and innovative Generative AI use cases.


Rightsizing exercises with Cost Explorer

As organizations increase their K8s footprint and onboard more applications, it becomes extremely critical to have a unified (cross-account, cross-cloud) view of resource utilization metrics across clusters. Without this, organizations will be running blind to their K8s cost structure and it will be impossible to operate their infrastructure in a cost-effective manner.

A recent release introduced a new integrated capability within the platform referred to as "Cost Explorer". This capability provides organizations with necessary information to effectively undertake "cluster rightsizing" and "application rightsizing" exercises.