What are Kubernetes Guardrails?

Written By: Kendall Miller

If you’ve ever gone bowling with small children, you’ll easily visualize a bowling lane with the bumpers up. The purpose: allow the bowling ball to reach the pins without the danger of falling in a gutter.

Kubernetes guardrails serve a similar purpose: they allow developers to work with Kubernetes securely, compliantly and cost-effectively so their code can reach production without falling into common pitfalls. Guardrails help enforce policies at the platform level so that developers do not even need to consider which Kubernetes configurations need to be set. Instead, they build and deploy code with a safety net.

Guardrails are defined as “a strong fence at the side of a road or in the middle of an expressway, intended to reduce the risk of serious accidents. / a rail that prevents people from falling off or being hit by something.”

Kubernetes guardrails are that same strong fence around the platform, preventing developers from accidentally introducing risk, wasting cloud resources or having application performance issues.

Kubernetes Guardrails are Important at Scale

Organizations that are running Kubernetes at scale need to consider how many people are working on the platform, how many clusters are in production and how many add-ons are in use. The problem can quickly get out of hand if DevOps teams and platform engineers have to audit Kubernetes configurations manually. Checking each cluster against Kubernetes best practices can take a lot of time, and unfortunately some organizations don’t have the bandwidth to audit the platform or, if they do, have no way of ensuring changes are made until the next audit.

Guardrails set by DevOps teams help eliminate this challenge. Instead of manually reviewing configurations before pushing to production and/or in production, Kubernetes guardrails allow teams to put policy in place at the platform level and apply it consistently across the organization. Better yet, when used with an Admission Controller, guardrails allow DevOps teams to know that anything that doesn’t pass checks never makes it to production.
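One way an admission check like the one described above can decide what reaches the cluster, shown as an added example (not code from this article or from Fairwinds Insights). It evaluates a Kubernetes AdmissionReview request for a Pod and builds the allow/deny response; the two policies (no privileged containers, CPU and memory requests and limits required) and the sample request are assumptions constructed for illustration.

```python
# Constructed AdmissionReview request (admission.k8s.io/v1) for a Pod; all values are made up.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "constructed-uid-0001",
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "object": {
            "metadata": {"name": "demo", "namespace": "team-a"},
            "spec": {"containers": [
                {"name": "app", "image": "example.invalid/app:1.0",
                 "securityContext": {"privileged": True}},
                {"name": "sidecar", "image": "example.invalid/sidecar:1.0",
                 "resources": {"requests": {"cpu": "100m", "memory": "64Mi"},
                               "limits": {"cpu": "200m", "memory": "128Mi"}}},
            ]},
        },
    },
}


def pod_violations(pod):
    """Return one message per guardrail the Pod spec breaks (assumed example policies)."""
    problems = []
    spec = pod.get("spec") or {}
    # initContainers run on the same node with the same settings, so check them too.
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            problems.append(f"{name}: privileged containers are not allowed")
        res = c.get("resources") or {}
        for kind in ("requests", "limits"):
            have = res.get(kind) or {}
            missing = [r for r in ("cpu", "memory") if r not in have]
            if missing:
                problems.append(f"{name}: missing resources.{kind} for {', '.join(missing)}")
    return problems


def review(admission_review):
    """Build the AdmissionReview response a validating webhook would send back."""
    req = admission_review["request"]
    problems = pod_violations(req["object"]) if req["kind"]["kind"] == "Pod" else []
    response = {"uid": req["uid"], "allowed": not problems}  # uid must echo the request
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}
```

Calling `review(SAMPLE_REVIEW)` denies the constructed Pod and lists each violation in `status.message`, which is the text the API server returns to the person or pipeline that tried to create the object.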

Implementing Kubernetes Guardrails with Fairwinds Insights

The Fairwinds Insights DevOps platform allows users to automatically apply Kubernetes best practice guardrails and set customized policies consistently across clusters. For leaders, this means eliminating manual review and avoiding being the Kubernetes help desk. It also empowers developers to understand Kubernetes better and make changes before code check-in without needing to know everything. The result is a more efficient and effective development team and a DevOps team that can focus on their own sprints and day-to-day goals.

PagerDuty’s Tristan Bates said, “One of the big things we monitor, and that’s important to solve at an organization level are security and compliance standards that need to be in place for every team. We don’t necessarily want the teams to know about it, we want to make it easy to do the right thing without blocking productivity. That’s why we use Fairwinds Insights, its Admission Controller and reporting to manage Kubernetes security and compliance at PagerDuty. We even integrate it through the entire lifecycle to alert teams if they are doing something that’s out of what we’re supposed to be doing.”

Another customer, Variant, was able to completely eliminate its manual review process, saving the DevOps team at least a week every time developers pushed to production. That led not just to a faster development lifecycle, but also to improved job satisfaction for both the DevOps team, who can focus on their work, and the developers, who are no longer delayed.

Kubernetes guardrails are needed if you are doing anything with the cloud native technology at scale — whether that’s multiple clusters or multiple teams.
