Policy-Centric GitOps for Secure Kubernetes Deployments

Authors

  • Rohit Reddy Gaddam, Sr. DevOps Engineer

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V2I1P110

Keywords:

GitOps, Kubernetes Security, Policy-As-Code, Continuous Deployment, DevSecOps, Cloud-Native Security, Infrastructure as Code, Compliance Automation, Zero Trust, Cluster Governance, OPA, Compliance, Gatekeeper

Abstract

As cloud-native applications increasingly rely on Kubernetes as their backbone, GitOps has established itself as an efficient paradigm for managing deployments: configuration is treated as code, and automated pipelines provide consistency and speed. However, as more organizations adopt GitOps, securing every stage of the deployment lifecycle has become the foremost concern, given the risks of misconfigurations, unauthorized changes, and compliance drift. This paper investigates a policy-centric approach to GitOps that moves security policies from afterthoughts to first-class citizens integrated into repositories, pipelines, and runtime environments. It illustrates how combining policy-as-code frameworks with GitOps workflows can automate policy enforcement, minimize human error, and maintain continuous alignment with regulations without slowing the pace of innovation. The research combines literature analysis, architecture modeling, and performance evaluation with a real-world Kubernetes case study in which security policies were integrated into CI/CD pipelines using tools such as Open Policy Agent and Kyverno. Results from the case study reveal technical benefits, such as proactively preventing insecure deployments and simplifying audits, as well as organizational benefits, such as increased developer confidence and cross-team accountability.

Published

2021-03-30

How to Cite

Gaddam RR. Policy-Centric GitOps for Secure Kubernetes Deployments. IJERET [Internet]. 2021 Mar. 30 [cited 2026 Mar. 13];2(1):88-100. Available from: https://ijeret.org/index.php/ijeret/article/view/470