Would you ever build a house without a roof? How about a master bedroom with no window? Even if you wanted to, your contractor would surely advise against it, and for good reason. You rely on the advice of a construction professional because… well, building a house is difficult and demands a firm understanding of best practices. The house needs a strong foundation, reinforced with rebar and other durable materials. It has to be wired correctly for future services; it needs windows and doors and vents and maybe even stairs. The list goes on and on.
Similarly, Kubernetes is the closest thing we have to a framework for building infrastructure anywhere in any cloud or in your own data center. As an open-source container orchestration platform, the Kubernetes framework can also be thought of as a foundation-one that takes a great deal of know-how to set up, manage and effectively pay for.
But unlike a real-life contractor who will tell you exactly how a roof and a bathroom can be safely built to code, Kubernetes will only give you the materials-the bags of cement and wooden beams-to construct a framework, a foundation. What Kubernetes will not give you are the guardrails and governance you need to best utilize those materials in a cloud-native computing environment. In other words, installing the bathroom is up to you.
Why so much focus on governance and guardrails?
As an enterprise, figuring out how to be production-ready at scale is a critical part of what you must do to build your foundation. When standardizing on-demand services for your development teams, a key practice for DevOps, you need to ensure the teams deploying Kubernetes clusters follow certain guidelines.
This automated process typically happens through policy management. Even if you have just a few clusters, mostly managed by one team or person, they still need to be synchronized. This reality can translate into a fair amount of work, something centralized policy management and enforcement is designed to handle.
Governance is about enforcement-and yet, different governance rules are implemented through different frameworks. As a set of rules codified as policies to minimize risk, proper governance of Kubernetes controls costs and drives efficiency, transparency, and accountability for an environment. It is the blueprint. For teams with critical Kubernetes workloads in production, a broad, robust governance and operational framework are necessary to help managers find visibility and control over their dynamic environments.
How do I visualize building my Kubernetes foundation?
In order to establish a governance framework for your organization, three key dimensions need to be defined. These specifics will serve as the foundation: the walls, windows, and roof of your organization. Ask yourself:
- Targets: Which clusters, workloads, or entities require governance?
- Policies: What rules or standards do you want to validate your targets against?
- Catalysts: When should the policy be checked? Before Kubernetes deployment? Every 24 hours?
Once you know the answers to these questions, you need a way to enforce them to ensure compliance and health governance. Doing this step manually is a sure path to incessant fire fighting. Using tools that can automate the compliance check process based on your defined specifications is the best way to implement this framework.
Where do open source tools fit in?
Even though governance is critical, you won’t find a single comprehensive tool to address all your governance needs. This means you will need to mix and match until all of your critical areas are covered. The goal here is to minimize the number of governance frameworks you need while still maximizing the coverage, making life easier for your operations teams.
Open source projects can help guide some of the guardrails, which is why choosing the right tools for your environment is key. As we know, misconfigurations in your containers and Kubernetes are a real issue. It’s akin to not adding a roof and then realizing at some point, the rains will come. Once the family moves in, it’s a lot harder to tack on improvements afterward-not to mention, it’s a safety hazard. Similarly, security misconfigurations in Kubernetes put your organization at risk.
That said, Kubernetes is in a much healthier place than it was a few years ago. There has been a real push for stability with a complex framework. This effort has helped to guide some of the guardrails around Kubernetes ownership, including the need for better configuration and management.
Why Fairwinds Insights?
We build software for guardrails in Kubernetes, a configuration validation platform to let you know if you built a foundation without rebar. Fairwinds Insights will tell you if you forgot the bathroom, left off the roof-and if you should let that sketchy guy at the front door into your secure environment. We have built a lot of open source projects to help with this effort, including Polaris for common misconfiguration validation issues.
To hear more about issues of governance and guardrails in Kubernetes, including information around Fairwinds Insights, listen to our recent webinar on the topic. Remember, don’t be afraid to use Kubernetes wrong… there are guardrails!