If you’re moving to containers and Kubernetes from a more monolithic approach to software development and infrastructure, it’s probably not because you want your teams to move slower. You’re likely trying to deploy faster and more frequently than ever.
That might at first appear to create a conflict with security, especially in risk-averse organizations or anywhere that fear of failure is embedded in the culture.
“Many enterprises have longstanding change management and security controls that may run contrary to the ‘move fast and break things’ approach of distributed application development,” says Kevin Crawley, developer advocate at Containous.
“But these two cultures don’t necessarily have to be at odds with each other, since auditing features built into Kubernetes allow for a consistent view of the state of your applications at any given time,” he says. “With regards to security, organizations will find their ability to quickly react to situations that may arise is actually more efficient than trying to first predict every possible security scenario that might occur.”
Crawley sees Kubernetes as part of an opportunity to improve the overall security of your software development and deployments, in concert with – rather than in conflict with – increasing speed and scale.
Instead of trying to bolt your old security model onto new paradigms, enterprises can find a way to leverage the new ecosystem to their advantage, Crawley says. “This is also fundamentally why Kubernetes is uniquely positioned to become one of the most secure platforms available, and it’s because the same agility and velocity which enables the developers can empower the teams’ ability to provide security as well.”
Kubernetes deployments: 6 do's and don'ts
We’re here to explore six do’s and don’ts of securing your Kubernetes deployments. First, a clarification of an important term and how we’re using it: In the Kubernetes ecosystem, a deployment refers to one type of controller (or control loop) used to declare your desired state for pods and ReplicaSets in your cluster. It’s a specific component of the overall Kubernetes control plane. Here, we’re using the term “deployment” more generally to describe the bigger picture of deploying and updating containerized applications and workloads with Kubernetes.
Let’s dig into best practices and tips from the experts.
1. Do: Build security into all phases of your software supply chain
One of the best examples of the opportunity Crawley describes above: Abandon the “security as final step” mindset in favor of “security at every step.” The latter aligns very well with containers, Kubernetes, and cloud-native development overall.
“It’s crucial to introduce container security automation early on in the CI/CD pipeline – ideally from day one,” says Gary Duan, CTO at NeuVector. “Integrating security automation levers at key points throughout the full pipeline can help to ensure that Kubernetes deployments can be created and updated safely and that application development can proceed at a suitable pace, while any vulnerabilities or signs of unauthorized behaviors are swiftly detected.”
Security shouldn’t be a final check, or something you prioritize only when a problem arises in production. Rather, it should be holistic.
“Deploying Kubernetes applications should involve implementing security capabilities across the software supply chain,” says Wei Lien Dang, co-founder and VP of product at StackRox.
Dang notes that the “defense in depth” concept in cybersecurity remains important.
“In the build phase, for example, companies should perform image scanning and then, to complement that tactic for the deploy phase, they should apply Kubernetes admission controllers to block deployments that don’t adhere to pre-configured policies,” Dang says. “You shouldn’t skip applying deployment policies and simply rely on runtime monitoring to catch subsequent security issues.”
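The deploy-phase check Dang describes can be sketched as the decision logic of a validating admission webhook. This is an added example, not code from the article or from any vendor quoted in it; the three policy rules, the registry name and the helper names are assumptions chosen for illustration, and the sample requests are constructed.

```python
# Assumed policy for illustration; the article names no specific rules.
ALLOWED_REGISTRIES = ("registry.example.internal/",)  # hypothetical registry


def container_violations(container):
    """Return the policy violations for one container spec."""
    name = container.get("name", "<unnamed>")
    image = container.get("image", "")
    problems = []
    if not image.startswith(ALLOWED_REGISTRIES):
        problems.append(f"{name}: image '{image}' is not from an approved registry")
    # A digest pin ties the deployed image to the exact one scanned at build time.
    if "@sha256:" not in image:
        problems.append(f"{name}: image '{image}' is not pinned by digest")
    if (container.get("securityContext") or {}).get("privileged"):
        problems.append(f"{name}: privileged mode is not permitted")
    return problems


def review(admission_review):
    """Build the AdmissionReview response for a Deployment create or update."""
    request = admission_review["request"]
    pod_spec = request["object"]["spec"]["template"]["spec"]
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    problems = [p for c in containers for p in container_violations(c)]
    response = {"uid": request["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def sample_request(uid, image, privileged=False):
    """Constructed AdmissionReview request carrying a one-container Deployment."""
    container = {"name": "web", "image": image,
                 "securityContext": {"privileged": privileged}}
    deployment = {"kind": "Deployment",
                  "spec": {"template": {"spec": {"containers": [container]}}}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "object": deployment}}


if __name__ == "__main__":
    good = "registry.example.internal/shop/web@sha256:" + "a" * 64
    for req in (sample_request("1", good),
                sample_request("2", "docker.io/library/nginx:latest", True)):
        print(review(req)["response"])
```

The rejection message lists every violation at once, so a developer can fix the manifest in one pass instead of resubmitting once per rule.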
2. Don't: Play security whack-a-mole with manual approaches
Building security into every step means labor-intensive, one-off processes aren’t really a fit. If that describes your old way of securely deploying code, you’re going to need to renovate.
“What teams definitely shouldn’t do – and really can’t afford to do – is hamper progress through the Kubernetes pipeline with slow and manual security processes,” Duan says. “With Kubernetes and container environments delivering highly dynamic activity and requiring real-time security responsiveness, manual interventions are simply an inadequate and unrealistic approach to securing Kubernetes environments.”
3. Do: Consider GitOps practices
There’s growing interest in GitOps as a cloud-native, Kubernetes-centric approach to CI/CD. It affords both velocity and security, which is part of its appeal to teams managing Kubernetes applications and infrastructure.
“The GitOps workflow is a hugely popular methodology for doing deployments on Kubernetes – and definitely recommended,” says Lance Allen, senior solutions architect at Mission. “It provides the perfect blend of speed and security, ensuring your cluster state is mirroring the state of source control and being continuously synced.”
The OpenShift blog has both a primer on GitOps and a step-by-step walk-through of moving from code to production with GitOps.
Luis Pabon, engineer at Portworx, notes that GitOps (or a similar set of practices) can be particularly useful for multi-tenant Kubernetes environments. That means, for example, that you’ve got multiple users and/or teams sharing the resources of a single cluster. GitOps, along with Kubernetes features like namespaces, can be key to doing so in a secure manner by maintaining isolation between tenants and reducing security and reliability risks, especially when users make changes.
“Tenants should employ a model like GitOps, where every change to the application deployment is tracked and approved,” Pabon says. “This model works not only to manage updates to an application, but also enable easy management of rolling back changes to a previous state in case of an unwanted change.”
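The "cluster state mirrors source control" property can be checked per tenant namespace by comparing what Git declares with what the cluster reports. This is an added example, not code from the article or from any GitOps tool; the function names, namespaces and manifests are constructed for illustration, and it compares only fields declared in Git so that server-populated fields do not count as drift.

```python
def declared_diff(want, have, path=""):
    """Paths where a value declared in Git differs from the live value.

    Live-only fields (status, defaults, resourceVersion) are ignored,
    because Git never declared them.
    """
    if isinstance(want, dict) and isinstance(have, dict):
        return [d for k in want
                for d in declared_diff(want[k], have.get(k), f"{path}.{k}")]
    if isinstance(want, list) and isinstance(have, list) and len(want) == len(have):
        return [d for i, (w, h) in enumerate(zip(want, have))
                for d in declared_diff(w, h, f"{path}[{i}]")]
    return [] if want == have else [path.lstrip(".")]


def key(obj):
    return (obj["kind"], obj["metadata"].get("namespace", ""), obj["metadata"]["name"])


def drift(desired, live, namespace):
    """Compare Git manifests with live objects inside one tenant namespace."""
    want = {key(o): o for o in desired if key(o)[1] == namespace}
    have = {key(o): o for o in live if key(o)[1] == namespace}
    modified = {k: declared_diff(want[k], have[k]) for k in sorted(set(want) & set(have))}
    return {"missing": sorted(set(want) - set(have)),      # in Git, not in cluster
            "unmanaged": sorted(set(have) - set(want)),    # in cluster, never committed
            "modified": {k: v for k, v in modified.items() if v}}


def deployment(ns, image, **extra):
    """Constructed sample Deployment; extra adds server-populated fields."""
    containers = [{"name": "web", "image": image}]
    return {"kind": "Deployment", "metadata": {"namespace": ns, "name": "web"},
            "spec": {"replicas": 2, "template": {"spec": {"containers": containers}}},
            **extra}


# Constructed data: GIT is the approved state, LIVE is what the cluster reports.
GIT = [deployment("team-a", "registry.example.internal/web:1.4.2"),
       {"kind": "ConfigMap", "metadata": {"namespace": "team-a", "name": "web-config"}}]
LIVE = [deployment("team-a", "registry.example.internal/web:debug",
                   status={"readyReplicas": 2}),
        {"kind": "RoleBinding", "metadata": {"namespace": "team-a", "name": "temp-admin"}},
        deployment("team-b", "registry.example.internal/web:1.4.2")]

if __name__ == "__main__":
    print(drift(GIT, LIVE, "team-a"))
```

For team-a the report shows the out-of-band image change, the RoleBinding that was never committed, and the ConfigMap that Git declares but the cluster lacks; the team-b object is excluded from team-a's report.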
Let’s look at three more security best practices: