11 software delivery problems solved by intelligence software delivery platform  Download
Select Page

Compliance verification for Kubernetes

Gopal Dommety March 25, 2019
Share

This blogs describes methods of verifying and enforcing compliance with OpsMx Autopilot. Dynamic Admission Control mechanisms of Kubernetes provide the framework to achieve compliance.

Admission Control in Kubernetes

Admission control mechanism is an important construct that is going into beta in next release of Kubernetes. Read more about here. https://unofficial-kubernetes.readthedocs.io/en/latest/admin/admission-controllers

Compliance Verification need the following three pieces of the puzzle:

  • Admission Control Plug-in
  • Admission Webhooks
  • Admission Webhooks Server

What is an Admission Control Plug-in? An admission control plug-in is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized. The plug-in code is in the API server process and must be compiled into the binary in order to be used at this time”. Read more about Admission Controllers here: https://kubernetes.io/docs/reference/access-authn-authz/admission-controller

What are Admission Webhooks? Admission webhooks are HTTP callbacks that receive admission requests and do something with them.

What is an admission webhook server? Admission webhook server handles the requests sent by the apiservers, and sends back its decision.

Compliance Verification

Compliance Verification needs

  1. Admission Control Plug-in. To Turn-on and Off please refer https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#why-do-i-need-them
  2. Admission Webhook Server – OpsMx Autopilot

OpsMx Autopilot as an Admission Webhook Server

OpsMx Autopilot is an admission webhook server. OpsMx Autopilot collects and analyses Logs, Metrics, Events and data from other sources to ensure risk is being reduced and compliance is being enforced.

Autpilot provides a flexible Rules Engine for your compliance needs and it also leverages both un-supervised and supervised machine-learning to asses performance, security and compliance at Speed and Scale.

If this sounds interesting, useful or would like to see a demo, please send us an email at customer@opsmx.com for to learn more.

Iocn

Gopal Dommety

Gopal Dommety is the CEO of OpsMx. OpsMx was founded with the vision of “delivering applications with no human intervention". OpsMx Enterprise for Spinnaker, a multi-cloud, and cloud-native Continuous Delivery Platform, is trusted by many Fortune-100 enterprises. Previously he was the CEO of N42 and held senior roles at Cisco. Gopal studied Computer Science at IIT (Kharagpur), Finance & Public Policy at Stanford University, and obtained a Ph.D. in Large Scale Distributed Systems from Ohio State University. He was awarded 61 US Patents and designed widely deployed and popular Internet Protocols.

You May Like