Kubernetes Governance Webinar Recap


Kubernetes adoption presents new challenges for governance, as operations teams must verify and enforce rules across Kubernetes clusters and the applications running in those clusters. That’s why Justin McCarthy, CTO and co-founder of strongDM, recently sat down with Techstrong Group CCO Mike Vizard and a panel of experts to discuss common governance pitfalls, plus the tools and frameworks DevOps, compliance, and security teams are using to help manage them.

The full panel included:

  • Ritesh Patel—Co-founder and VP of Product at Nirmata
  • Mohamed Ahmed—VP of Developer Platforms at Weaveworks
  • Rachel Sweeney—Insights Enablement Engineer at Fairwinds
  • Haseeb Budhani—Co-Founder and CEO at Rafay Systems

So, what is required for successful Kubernetes adoption? Here’s the recap:

Flexibility, Meet Standardization

The panel discussed the pitfalls and challenges of Kubernetes governance, including:

  • What makes Kubernetes governance so challenging?
  • How do you prevent misconfigurations from being distributed across everything and creating havoc?
  • How do you apply governance across multiple clouds? What about data centers?
  • Are freedom and flexibility the enemies of standardization and governance?

Rachel Sweeney suggested that the best way to avoid misconfigurations and apply governance across multiple platforms is to shift governance earlier in the CI/CD pipeline. That way, she says, “It doesn't matter whether you're going to AWS or to every cloud out there. You can catch [mistakes] early.”

Mohamed Ahmed countered, or perhaps expanded on, this idea, saying, “Ideally you should have your governance applied everywhere: at commit time, at build time, and at run time.”

When Ad Hoc Wreaks Havoc

Mike Vizard also asked a series of questions around the topic of shifting left when it comes to cloud security. 

  • Who's in charge of governance? Developers? At what point does somebody else get involved? What is that relationship, and how is it evolving?
  • At what point in your deployment does governance become an issue? 
  • How often is there forethought, and how often is Kubernetes governance ad hoc? 
  • Does shifting left make sense for Kubernetes governance? If so, what role do compliance and security teams play?

When it comes to establishing governance from the moment of adoption, Justin McCarthy thinks we’re on the right track, especially for teams deploying an application in a commercial environment. He joked, “You only care about governance if your data is important, and it seems like a minority of companies that would say their data isn't important.”

And security and compliance teams do have a role to play. Justin added, “There is a limit to how much you can pull left at the Kubernetes level,” particularly when working with third-party auditors. While automation is an important tool for gathering and presenting evidence for an audit, you still need a human who knows how the system is configured and how it is supposed to work.

“As-Code” in K8s Governance

Finally, the panelists addressed emerging tools and frameworks to help integrate Kubernetes governance into workflows.

  • Are you seeing the emergence of governance as code, where people are using APIs to embed the governance into their flow?
  • Does there need to be a change in mindset among security and compliance folks toward more open-source governance tools?

Justin said that automation has a role to play in Kubernetes governance, for example in the form of “automated binding to an identity provider.” 

Rachel added that both open-source and SaaS offerings can also play a part, depending on the maturity of the organization. The right choice lands “on a spectrum of how much time and experience you have, and that's going to put you on one end of the spectrum of doing it yourself, hiring somebody to do it for you, or using their software to do it.”
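To make the “governance as code” and “commit time, build time, run time” ideas from the panel concrete, here is an added example (not code from the webinar or from any panelist's product): a small rule set over a Kubernetes workload manifest that can be run unchanged as a pre-commit hook, a CI job, or the core of an admission check. The rule names and the sample Deployment are constructed for illustration.

```python
"""Governance-as-code check for Kubernetes workload manifests (added example).

The same rule set can run at commit time (pre-commit hook), at build time
(CI job over rendered manifests) and at run time (admission webhook), so a
misconfiguration is caught before it is distributed to every cluster.
Rule names and the sample manifest are constructed for illustration."""


def iter_containers(manifest):
    """Yield (name, spec) for each container in a Pod or a workload template."""
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)  # Deployment or bare Pod
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        yield c.get("name", "<unnamed>"), c


def check_image_pinned(name, c):
    """Mutable tags make the deployed artifact drift from what was reviewed."""
    image = c.get("image", "")
    ref = image.rsplit("/", 1)[-1]  # drop registry/path; a host:port also has ':'
    if ":" not in ref or ref.endswith(":latest"):  # digest refs contain ':' too
        return f"{name}: image '{image}' is not pinned to a tag or digest"
    return None


def check_not_privileged(name, c):
    """A privileged container is effectively root on the node."""
    if c.get("securityContext", {}).get("privileged"):
        return f"{name}: privileged container"
    return None


def check_resource_limits(name, c):
    """Missing limits let one workload starve its neighbours."""
    limits = c.get("resources", {}).get("limits", {})
    missing = [k for k in ("cpu", "memory") if k not in limits]
    return f"{name}: missing resource limits {missing}" if missing else None


RULES = [check_image_pinned, check_not_privileged, check_resource_limits]


def evaluate(manifest):
    """Return all policy violations for one manifest (empty list = compliant)."""
    return [msg for name, c in iter_containers(manifest)
            for rule in RULES if (msg := rule(name, c)) is not None]


# Constructed sample Deployment with three findings in one container.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "api", "image": "registry.example/api:latest",
     "securityContext": {"privileged": True}}]}}}}
```

Wiring the same `evaluate` call into a pre-commit hook, a CI step over rendered manifests, and an admission webhook is what keeps the policy identical at every stage, regardless of which cloud or data center the cluster runs in.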

Want to hear more from the panelists? You can check out the replay. And if you need help managing access to Kubernetes and other infrastructure, come on over to strongDM for a free demo.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.
