SaltStack sponsored this podcast.
The hype around Kubernetes has had many repercussions in the IT industry, and not all of the effects have been net positive for many organizations and DevOps teams. Infrastructure management is a prime example. Too often, security management tools for Kubernetes deployments and infrastructure management are missing. Ultimately, these tools should be able to compensate for security and IT skills gaps and talent shortages by, for example, automating vulnerability detection and fixes.
“Kubernetes is something powerful and impactful, but has too many components and moving pieces,” Moe Abdula, vice president of engineering, SaltStack, said. “How do you ensure that you can build an architecture and a system around something like a Kubernetes that is easy to maintain, easy to support, easy to extend?”
In this episode of The New Stack Makers podcast, we speak with Abdula and Gareth Greenaway, vice president of engineering, SaltStack, about how and why the infrastructure- and security-management aspects of Kubernetes, as well as infrastructure, have been neglected, what the risks are and what can be done to fix it.
Aside from the pressure to deploy applications and updates at ever-faster cadences, gaps in infrastructure management for Kubernetes can largely be explained by the complexities involved. In many cases, DevOps teams spin up multiple Kubernetes clusters and then discover that many of the configuration inconsistencies between clusters are largely responsible for applications not deploying or performing consistently, Abdula said. “They realize that the homegrown type of scripts or the homegrown type of approaches towards manual intervention does not scale or prevent repeat IT errors,” Abdula said.
This is why many organizations are actively seeking tools for configuration and infrastructure management for complex Kubernetes and container environments, especially after experiencing firsthand the infrastructure management issues described above in today’s increasingly complex environments. Once they realize this, a DevOps team member might typically say, “let me figure out how I automate so that I can create consistency,” Abdula said.
This demand reflects how SaltStack has evolved as a solution for container and Kubernetes configuration management. “The tools that are in place to manage those clusters just don’t scale to the point that a tool like SaltStack does, in terms of managing those clusters and container-based infrastructures,” Greenaway said.
In the security — and DevSecOps — realm, “you cannot possibly expect to manage containers by looking for vulnerabilities and maintaining them in a manual way,” Greenaway said. “I think a lot of the concept of doing things in a manual way is gone. We’ve left the [manual] phase of the technology behind because it’s just no longer sustainable.”
The production version of SaltStack 6.1, released last year, not only helped to automate infrastructure and security management but “expedited the marriage of policy with remediation,” Abdula said.
The release of SaltStack 6.2 introduced a component that “allowed us to actually integrate with the rest of the security toolchain,” Abdula said. “Today, people have already invested a lot in tools that do scanning or prioritization of vulnerabilities. So, rather than asking folks to throw away something that is already delivering value, we created many, many integrations on the front end with the scanning tools and convert the results automatically with no manual effort. And then, right out of the box, we have the benchmarks that automate the remediation, so that a client can choose simply to click a button.”