by Gopal Dommety | last updated on January 3, 2024

Compliance verification for Kubernetes deployments is fundamental to deployment security. This blog explains how to verify and enforce Kubernetes compliance with OpsMx Autopilot. Dynamic Admission Control mechanisms of Kubernetes provide the right framework to achieve compliance.

Admission Control in Kubernetes

The admission control mechanism is an important construct that is going into beta in the next release of Kubernetes. Read more about it here: https://unofficial-kubernetes.readthedocs.io/en/latest/admin/admission-controllers

Compliance verification needs the following three pieces of the puzzle:

  • Admission Control Plug-in
  • Admission Webhooks
  • Admission Webhooks Server

What is an Admission Control Plug-in? “An admission control plug-in is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized. The plug-in code is in the API server process and must be compiled into the binary in order to be used at this time”. Read more about Admission Controllers here: https://kubernetes.io/docs/reference/access-authn-authz/admission-controller

What are Admission Webhooks? Admission webhooks are HTTP callbacks that receive admission requests and do something with them.

What is an admission webhook server? An admission webhook server handles the requests sent by the API servers and sends back its decision.
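The request/decision exchange described above, as an added example that is not OpsMx Autopilot code or part of the original post: a small validating webhook server that reads an `admission.k8s.io/v1` AdmissionReview and answers allowed or denied. The three rules, the `/`-agnostic handler, port 8443 and the `tls.crt`/`tls.key` paths are assumptions chosen for illustration.

```python
import json
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

def violations(pod: dict) -> list:
    """Hypothetical compliance rules; a real deployment supplies its own."""
    spec = pod.get("spec") or {}
    found = []
    if spec.get("hostNetwork"):
        found.append("hostNetwork is not allowed")
    for c in spec.get("containers") or []:
        name = c.get("name", "?")
        if (c.get("securityContext") or {}).get("privileged"):
            found.append(f"container {name!r} is privileged")
        image = c.get("image", "")
        if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
            found.append(f"container {name!r} image is not pinned to a version")
    return found

def decide(body: bytes) -> dict:
    """Turn an AdmissionReview request into an AdmissionReview response."""
    resp = {"uid": "", "allowed": False}
    try:
        req = json.loads(body)["request"]
        resp["uid"] = req["uid"]  # the API server matches the reply by uid
        found = violations(req["object"])
    except (ValueError, KeyError, TypeError, AttributeError):
        found = ["malformed AdmissionReview"]  # never allow what cannot be parsed
    resp["allowed"] = not found
    if found:
        resp["status"] = {"code": 403, "message": "; ".join(found)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}

class Webhook(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        out = json.dumps(decide(body)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain("tls.crt", "tls.key")  # assumed paths; webhooks are called over HTTPS
    srv = HTTPServer(("0.0.0.0", 8443), Webhook)
    srv.socket = ctx.wrap_socket(srv.socket, server_side=True)
    srv.serve_forever()
```

The denial message in `status` is what the user sees when the API server rejects the request, so it should name the rule that failed.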

Compliance Verification

Compliance verification needs:

  1. Admission Control Plug-in. To turn it on and off, please refer to https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#why-do-i-need-them
  2. Admission Webhook Server – OpsMx Autopilot

OpsMx Autopilot as an Admission Webhook Server

OpsMx Autopilot is an admission webhook server. OpsMx Autopilot collects and analyses Logs, Metrics, Events and data from other sources to ensure risk is being reduced and compliance is being enforced.

Autopilot provides a flexible Rules Engine for your compliance needs, and it also leverages both unsupervised and supervised machine learning to assess performance, security and compliance at speed and scale.

If this sounds interesting or useful, or if you would like to see a working demo of compliance verification for Kubernetes deployments, please send us an email at customer@opsmx.com

Gopal Dommety

Gopal Dommety is the CEO of OpsMx. Gopal is a serial entrepreneur and technology visionary. As CEO, he has built the team to scale the technology and go-to-market functions, and has proven product-market fit with customers like Cisco, Salesforce, Standard Chartered Bank, Juniper Networks, Albertsons, and many others. Prior to OpsMx, Gopal was the founder and CEO of N42, where he built a team of machine learning experts to address the problems companies face when running large-scale virtual data centers. Gopal was also the architect behind multiple Cisco flagship products and designed Internet Protocols (RFCs) that are widely used on the Internet today. Gopal holds more than 60 patents in the area of large-scale distributed systems. Gopal was awarded a Ph.D. in Computer Science and a Master’s in Management Science, and graduated from Stanford, Ohio State and IIT.
