Take control of your Kubernetes clusters with CSP Config Management

February 26, 2019
John Murray

Product Manager

Kubernetes administrators know that with each new cluster comes new configurations—and the management overhead associated with them. It’s a headache, and one that only gets worse as you scramble to keep your growing fleet in line with ever-changing corporate policies.

Last week, we announced the Cloud Services Platform (CSP) in beta, letting you modernize your applications on Google Cloud Platform (GCP) or with on-premises infrastructure. As part of CSP, we’re also making it easier for you to consistently implement policies across all your Kubernetes clusters, with CSP Config Management, also in beta. Now you can strengthen security and maintain compliance across all your clusters, while still helping developers move fast.

CSP Config Management allows you to create a common configuration for all your administrative policies and apply it to all your clusters at the same time. The clusters can be running in Google Kubernetes Engine (GKE) in the cloud, in your data center with GKE On-Prem, or a combination of both. By integrating with the popular Git version control system, CSP Config Management evaluates each commit to the repository and rolls it out to clusters all over the globe, so that your clusters are always in the desired state.

For example, you can have a set of Kubernetes Namespaces with policies like NetworkPolicies, ConfigMaps, or RBAC RoleBindings, and automatically create them across all your clusters.

CSP Config Management uses the native Kubernetes configuration format (in YAML or JSON) to store multi-cluster policies, so migrating your existing definitions is a snap. You can configure different policies for groups of clusters or namespaces (for example, applying different quota levels to staging vs. production), making it easy to manage complex environments. And you don’t need to worry about pushing bad configurations—CSP Config Management includes a validator that looks at every line of code before pushing it to your repository.

Then, once the desired state is achieved, CSP Config Management actively monitors the clusters to keep them that way.

In short, CSP Config Management:

  • Enables new teams to get up and running quickly by creating a multi-cluster namespace with common RBAC policies and other access control rules
  • Enforces states needed for compliance by preventing configuration drift through continuous monitoring of the cluster state
  • Centrally manages the configuration of your Istio service mesh, pod security policies, quota policies, and other sensitive guardrails to ensure comprehensive and consistent coverage for your fleet
  • Brings the power of source control to your clusters: stage configuration changes in separate branches, collaborate in code reviews, or easily revert clusters to their last healthy state.

CSP Config Management is available today with the beta release of CSP; use it to take control of cluster sprawl and increase the security of your Kubernetes clusters at scale. Sign up for CSP Config Management beta.