Fairwinds Integrates Kubernetes Config Tool With CI/CD Platforms
Fairwinds has updated its configuration validation platform for Kubernetes to provide tighter links to continuous integration/continuous delivery (CI/CD) platforms as code is checked into these platforms.
In addition, version 2.0 of Fairwinds Insights adds support for the Open Policy Agent (OPA) to enable IT teams to programmatically enforce policies and an Admission Controller, which runs policy checks against a container before it is deployed in a production environment.
Fairwinds President Kendall Miller says with the tighter CI/CD integration the SaaS-based platform will now enable DevOps teams to address potential Kubernetes misconfiguration issues that are rapidly becoming the bane of container security. Developers are employing a variety of tools to deploy Kubernetes clusters that often are misconfigured primarily because no one in the IT operations team was able to review those deployments beforehand. Cybercriminals are then scanning for those misconfigurations to do harm such as exfiltrate data through a port that has been inadvertently left open.
Rather than having a tool to scan for those misconfigurations that they then have to manage, Miller says it’s easier for DevOps teams to invoke a SaaS offering to check for configurations as part of their workflow.
Miller adds it’s mostly IT operations and cybersecurity teams that are encouraging DevOps teams to find a way to validate Kubernetes configurations.
Eventually, that validation process will become a natural extension of a set of best DevSecOps processes. In the meantime, however, there’s a tendency to overlook potential infrastructure configuration issues in the rush to deploy applications. That issue becomes even more challenging in Kubernetes environments because the opportunities to make a mistake are manifold.
It’s not clear to what degree misconfiguration concerns are slowing down rollouts of cloud-native applications on Kubernetes clusters. Most large enterprises are accelerating the deployment of many of these applications as part of digital business transformation initiatives despite cybersecurity concerns. However, smaller IT organizations are still often intimidated by both Kubernetes and all the third-party components required to effectively deploy applications on it. Some of those third-party tools are just as complex to deploy and manage as Kubernetes itself.
Fairwinds Insights was built to help drive a managed Kubernetes service provided by the company. In addition to identifying configuration issues, Fairwinds Insights provides insights into application resource usage to eliminate the need to engage in trial and error when adjusting CPU and memory settings to improve Kubernetes efficiency, along with built-in workflows, health checks, notifications, cost analytics and integrations with tools such as Slack and Datadog.
The SaaS implementation of Fairwinds Insights opens the monitoring capabilities of the platform to IT teams that prefer to self-manage their Kubernetes environments. It’s not quite clear to what degree IT organizations will prefer to rely on managed Kubernetes services versus deploying and managing Kubernetes clusters on their own. Those organizations that do prefer to manage their own Kubernetes clusters, however, clearly need all the management tools they can get.