Compliance verification for Kubernetes

Kubernetes Logo

This blogs describes methods of verifying and enforcing compliance with OpsMx Autopilot. Dynamic Admission Control mechanisms of Kubernetes provide the framework to achieve compliance.

Admission Control in Kubernetes

Admission control mechanism is an important construct that is going into beta in next release of Kubernetes. Read more about here.

Compliance Verification need the following three pieces of the puzzle:

  • Admission Control Plug-in
  • Admission Webhooks
  • Admission Webhooks Server

What is an Admission Control Plug-in? An admission control plug-in is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized. The plug-in code is in the API server process and must be compiled into the binary in order to be used at this time”. Read more about Admission Controllers here:

What are Admission Webhooks? Admission webhooks are HTTP callbacks that receive admission requests and do something with them.

What is an admission webhook server? Admission webhook server handles the requests sent by the apiservers, and sends back its decision.

Compliance Verification

Compliance Verification needs

  1. Admission Control Plug-in. To Turn-on and Off please refer
  2. Admission Webhook Server – OpsMx Autopilot

OpsMx Autopilot as an Admission Webhook Server

OpsMx Autopilot is an admission webhook server. OpsMx Autopilot collects and analyses Logs, Metrics, Events and data from other sources to ensure risk is being reduced and compliance is being enforced.

Autpilot provides a flexible Rules Engine for your compliance needs and it also leverages both un-supervised and supervised machine-learning to asses performance, security and compliance at Speed and Scale.

If this sounds interesting, useful or would like to see a demo, please send us an email at for to learn more.

Leave a Comment

Your email address will not be published.

You may like