Many people are migrating to Kubernetes with containerized workloads; however, managing a set of clusters can be challenging since each cluster needs to have visibility frameworks, and constructs to manage and monitor what is happening inside. Each time you go in and out of the cluster, you create different security domains to be able to manage it. Kubernetes simplifies this process by creating tenancy inside a cluster and extending to multi-cluster to ensure there are proper guardrails in place and security posture.
In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Prasad Dorbala, Co-Founder and CPO of Avesha, to discuss the key security challenges when deploying and managing workloads in multi-tenant environments and how KubeSlice implements security primitives of Kubernetes. He goes into detail about the key features of KubeSlice that help organizations build in security from the start.
Key highlights from this video interview are:
- Dorbala discusses KubeSlice and how it creates tenancy inside a cluster and across multi-cluster to help tackle the security challenges when deploying and managing workloads in Kubernetes.
- Multi-tenancy has a number of challenges so you need to use different primitives to micro-segment the cluster and isolate certain sets of workloads from others. Dorbala discusses why it is important to have defense in depth such as to scan DevSecOps principles to ensure they are good. He goes through the fundamental important considerations for when extending to multi-cluster.
- Pod Security Policy (PSP) is being deprecated with version 1.21 and while it was beneficial is also a continuing moving problem. Kubernetes 1.21 has a security admission controller built into it to help with access whether privileged, baseline or restricted. Dorbala discusses the benefits PSP offered and why with the changing landscape a defense in depth is needed. He explains the advantages of the newer Pod Security Standards (PSS).
- Dorbala discusses how KubeSlice has security built into it so that security is not an afterthought. He believes there are three key ways KubeSlice does this: reducing the blast radius, least privilege, and resource management. He explains how starvation is an important factor and how KubeSlice provides fairness across multi-tenancy.
- With economic shutdown, many companies are looking to cut costs, yet Dorbala believes that the security budget will often not be cut since the risks are too high. He believes with the right guardrails and framework in place, companies will not be concerned about the cost. He feels it is an essential component that needs to be built in from day one.
The summary of the show is written by Emily Nicholls.