While a lot of people are calling network policies the Kubernetes equivalent of a firewall, they probably wouldn’t be called network policies if that were really the case. Although network policies are comparable to security features like firewalls, they mostly pertain to rules, and therefore a more accurate comparison would be with “firewall rules” or security groups in the Cloud that are used to manage permissions.
You can never be too safe when it comes to securing your applications. It’s essential that security is a part of the application framework and not just a protective outer layer. Enterprises are swiftly adopting the microservices architecture because of its numerous benefits. However, security still remains a concern. Kubernetes has emerged as the de-facto container orchestration tool. And, on its own, Kubernetes seems to be decent for managing secrets.
I am a big believer in Jeff Bezos’s Day 1 philosophy. So when the opportunity came for me to drive Day 1 yet again, I could not resist.
Applications and workloads running on Kubernetes environment, just like any application, requires secrets to gain access to data stored in the database, 1st / 3rd party services or APIs.
Secrets, however, are only effective if they actually remain secret. When secrets leak, attackers will be able to gain access to sensitive data, services or APIs and can potentially put your entire environment and business at risk.
Everyone is talking about Kubernetes these days, and it’s no secret that Kubernetes has emerged as the leading container orchestration tool. There are a variety of reasons for that, ranging from Kubernetes’s open source, community-based development model to helpful technical features like pod security policies and automatic load balancing.
If you work with Kubernetes, you’re probably already familiar with basic Kubernetes best practices guides and patterns. But the recent release of Kubernetes v1.14 has introduced some new features, which in turn necessitate new best practices. Most of them center on security and automation, which are top of the list for operations staff, management, and development alike. But there are some others that factor in as well.
If you believe all the marketing hype, then Kubernetes is the silver bullet to make containers so routine that they’re boring, and your infrastructure will have better harmony than any boy band in history. If only this were true.
Kubernetes 1.14 was recently
released with several new features and nonetheless important enhancements.
Main highlights include:
- Support for Windows nodes (graduating from Beta to Stable)
- Several kubectl improvements (updated plugin mechanism, kustomize Integration, new documentation website)
- Persistent Local Volumes, which makes locally attached (non-network attached) storage available as a persistent volume source (graduating to GA)