MozillaWiki

Security/Guidelines/Kubernetes

< Security‎ | Guidelines
Revision as of 16:50, 29 December 2016 by Jbryner (talk | contribs) (Automated sync from https://github.com/mozilla/wikimo_content)

DRAFT

The goal of this document is to help you understand the basics of how to securely implement Kubernetes at Mozilla.

The Enterprise Information Security team maintains this document as a reference guide for operational teams.

Updates to this page should be submitted to the source repository on github. Changes are detailed in the commit history.

OpSec.png

Why Kubernetes?

Container-Based Approach

Kubernetes is a platform used to deploy containers to cloud environments. Mozilla has been using containers to develop and deploy applications for over a year, most notably powering http://www.mozilla.org/

Efficiencies of Clusters Over AMI Per Application Model

Because Kubernetes hosts containers on clusters of machines, all deployed applications inherit the clusters security best practices, alerting, logging and monitoring. These are implemented once and developers only need to develop alerting/monitoring specific to their application.

Platform Agnostic

A Kubernetes cluster can run on AWS, Rackspace, Google Compute or bare metal. This is not what one would describe as turn-key (at the moment) but with Kubernetes this is at least possible and mitigates vendor lock in risk. Additionally you can run Kubernetes on your laptop, something that is not possible with Amazon centric solutions.

Mature / Robust

Kubernetes is a large, mature open-source project under active development. Mozilla does not have to invest resources in feature development, bug fixes, maintaining documentation and training materials or other similar tasks.


Additional references

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Guidelines/Kubernetes&oldid=1158172"