October 21, 2021
Did you know you can use Runecast Analyzer to analyse and secure your Kubernetes infrastructure? It’s not just VMware, Runecast Analyzer also provides actionable insights and proactive monitoring for AWS, Azure and Kubernetes.
Runecast enables a proactive approach to Kubernetes infrastructure configuration for Kubernetes Security Posture Management (KSPM) – to keep containerized workloads and apps secure.
You can use Runecast Analyzer to scan your Kubernetes infrastructure and keep track of your configuration. Using a combination of historical scans and consistency analysis, you can easily troubleshoot issues across your Kubernetes pods and containers.
Here we take a slightly deeper dive into what all that means.
We find Kubernetes to be a fascinating platform which helps you to orchestrate your containerised workloads. Workloads (like applications that used to require dedicated servers or virtual servers) can now be run inside containers. Containers are lightweight virtual boxes which hold only the necessary items to run the application. This makes them fast and able to run on a variety of environments, including cloud, on premises and on a variety of hardware.
Kubernetes is a widely used open-source platform for managing these containers and their workloads, and it makes a lot of things automatic that used to be manual, making for a more resilient system. That means that you can have built-in scaling and failover, as well as multiple deployment options. Kubernetes is a real step forward in computing for some areas, but it comes with a lot of moving parts – and Runecast Analyzer can help you to secure these.
Some of the things Kubernetes can do include load balancing network traffic, deploying new containers when one fails and killing the old one.
While Kubernetes does lots of amazing things it has not set out to solve every problem. Kubernetes doesn’t mandate which monitoring systems you should use, or which configuration system, which is where Runecast Analyzer comes in.
Using Runecast Analyzer you can take snapshots of your Kubernetes clusters and workload and track the configuration over time. Using Runecast Analyzer’s configuration vault you can set automatic analysis intervals, or trigger manual analysis of your configuration. The configuration from each analysis is stored in Runecast Analyzer’s configuration vault. This ensures that any changes can be assessed against the existing good configuration, or a baseline.
This can help you to understand if an application related issue is due to a change in the Kubernetes infrastructure, for example OS change, runtime or Kubernetes version change, or application settings, for example if the number of replicas has changed.
You can also use Runecast Analyzer to prepare your Kubernetes infrastructure to meet the CIS benchmarks. The CIS benchmarks for Kubernetes are preloaded into Runecast Analyzer and your entire infrastructure can be examined quickly and easily, with 71 individual checks against your Kubernetes environments.
The benchmarks cover everything from setup to configuration of your Kubernetes architecture and include automated and manual recommendations for your KSPM. These show whether a technical control can be fully automated, or whether there are manual steps required to meet the benchmarks.
We have an article coming soon where we take a look at CIS benchmarks in much more detail and show how Runecast Analyzer can help you meet the benchmarks, not just in Kubernetes, but also AWS, Azure and VMware virtualised environments.
Runecast Analyzer also works with HPE Ezmeral. To find out how the two work together, for alerting and monitoring on your platform, have a look at the link below.
Want to read more on this topic? Take a look at these articles, or download Runecast from the HPE Ezmeral Marketplace.