<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

We're blowing the whistle on Legacy PAM 🏀 Join us for an Access Madness Webinar on March 28

Search
Close icon
Search bar icon

Kubernetes Access Doesn't Need to Be Complex

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

It’s a Catch-22: your developers love Kubernetes, but provisioning and managing access can take hours. You’re constantly scrambling to generate certificates, configure clusters, and assign them to run on the correct namespace. But you’re not alone.

Kubernetes is by far one of the most popular container orchestration systems. Nearly half of organizations report using Kubernetes for managing, scaling, and automating application deployment. But in a global survey, respondents ranked security as a top challenge with running Kubernetes.

Why Kubernetes Access Causes Headaches

Keeping track of issued certificates is difficult. When you’re building a cluster, you generate certificates and assign them to users. Then, you need to put those into KUBCONFIG files. If you lose them, you can generate new certificates, which is more complicated than a password reset. Administrators also must manage the certificate lifecycles: updating permissions, revoking access, dealing with expired certificates.

When you first build a Kubernetes cluster, you create an initial administrative user. “Out and Back” in newer versions of Kubernetes means that the administrator can go in and configure the users and the context, which is essentially the cluster.

Everything in the cluster lands in default unless the administrator specifically configures distinct namespaces for applications/containers to run.  By default, the containers will all run with default access – and everyone who has a certificate will be able to access all the containers, completely unfettered. This opens you up to everything from accidental errors to malicious tampering.

Kubernetes platforms have some tools that do this natively, but admins need to know exactly what to do in the system. The config file becomes a complex mess, and it’s tough to keep track of logins, reissue certificates, and access resources.

Is Your Kubernetes Cluster Healthy?

When you first onboard with a tool like StrongDM, you will want to know how your Kubernetes clusters are set up. The built-in health check will run a namespace test and let you know if you’ve been running everything in default. Then, you can set up namespaces with specific permissions. For example, you could set up cluster group roles for different namespaces.

Automation Simplifies Kubernetes Access

Setting up user roles is just one way to automate–and simplify–Kubernetes access. Manual access management can virtually be eliminated with StrongDM. Once system administrators assign roles, the users can log in and use their Kubernetes client as they usually would.

Essentially, if you’re using StrongDM, you don’t have to constantly provision and maintain certificates for Kubernetes access. Instead of creating generic roles, you can create group-based roles with user impersonation details.

One of the concerns for a lot of companies is being able to track who is making changes in each system. With StrongDM, you can set up user impersonation, which essentially allows Kubernetes to natively log the identity of the user that is interacting with a cluster versus the organization that user belongs to.  Suppose a company requires an audit log for something like SOC 2 compliance. In this case, an administrator can pull the native Kubernetes logs and discover which exact user was making changes since the user impersonation feature enhances native Kubernetes logs with visibility into who executed each command.

The bottom line is that provisioning and maintaining Kubernetes access doesn’t need to be a full-time job. Much of it can be automated with StrongDM, resulting in more productive system administrators and users who can access the necessary clusters for their jobs much faster.

How to Get Started

Want to learn how you can simplify Kubernetes access? Sign up for one of our no-B.S. demos here.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

MITRE ATT&CK Framework Containers Matrix for Kubernetes
MITRE ATT&CK Framework Containers Matrix for Kubernetes
If you’re Kuberntes admin and you’re not familiar with the tactics outlined in the MITRE ATT&CK framework, this blog post is for you. MITRE ATT&CK framework is an extensive knowledge base of tactics and techniques employed by bad actors that defensive security experts use to help defend their organizations against attack, and many times, used by their offensive security counterparts to test their weaknesses.
CIS Kubernetes Benchmark Implementation Recommendations
CIS Kubernetes Benchmark Implementation Recommendations
The CIS Kubernetes Benchmark is a set of prescriptive recommendations assembled to guide administrators to achieve good security hygiene and results in strength security outcomes for their Kubernetes environments.
Simplify Kubernetes Management on AWS
Simplify Kubernetes Management on AWS
Secure access controls must be applied universally and consistently across all your infrastructure—from the Linux boxes in your datacenter to your Kubernetes clusters in AWS. StrongDM Dynamic Access Management is uniquely positioned to provide seamless, secure access across your entire stack, simplifying access management and compliance for your legacy systems and modern cloud stack.
SSH and Kubernetes Remote Identities
Supercharge Your SSH and Kubernetes Resources with Remote Identities
Learn how Remote Identities helps you leverage SSH and k8s capabilities to capitalize on infrastructure workflow investments you’ve already made.
Enterprise Kubernetes
Kubernetes in the Enterprise Webinar Recap
Join strongDM CTO Justin McCarthy and a panel of experts as they discuss the challenges, complexities, and best practices of enterprise k8s adoption.