In recent articles on the GovDevSecOpsHub, we discussed the realities of cluster sprawl and the impact of cluster sprawl on our agencies. Ultimately, we established that cluster sprawl is a very real problem facing the government that can slow the speed of innovation within our agencies if not mitigated. Cluster sprawl – the unmanaged and uncontrolled exponential increase in Kubernetes clusters that we’re witnessing across government agencies – can have negative impacts on agency recruitment and retention. Worse, it can create massive cybersecurity risks and vulnerabilities at a time when cyberattacks are increasingly frequent and becoming more sophisticated.
As developers create services at high-speed intervals and do so independently across our IT systems, they are meeting the needs of our constituents in record fashion. But how do we meet the needs of an ever-expectant user while ensuring that our entire system is maintaining security and efficiency? How can we be sure that all of that access by developers is met with a system of governance that guarantees proper oversight, without slowing down the speed of innovation?
Implementing proper governance and management principles can stem the confusion of cluster sprawl and allow rapid development of secure services while reducing overhead and redundancy in our efforts.
Here are four key considerations for mitigating cluster sprawl:
- Create Centralized Multi-Cluster Visibility and Management
As the number of clusters grows, operators are forced to spend increasing amounts of time managing clusters and less time doing actual work. They need to be able to centrally view, manage, and consolidate disparate clusters as they are discovered so that they can better optimize resources in a cost-effective manner and troubleshoot issues without losing valuable time.
- Ensure Granular Configuration Management
In order to reduce the potentially vulnerable surface area of software in use, operators need to maintain granular control over how and where clusters are provisioned, as well as which versions of software can be used within project efforts. This level of control can help organizations meet risk and compliance demands and simplify the provisioning of services.
- Allow Individualized Authentication and Access Management
Organizations can have differing governance and access control requirements depending on the type of business they are in. The access requirements for different roles may also evolve as employees change job roles and leave the organization. Operators need a simplified way to manage the individual logins and permissions and service the needs of a wide range of clusters with centralized policy-driven capabilities.
- Build and Maintain Lines of Business Relationships
A key goal is to avoid conflict between IT’s efforts to monitor and to support the needs of the business and its strategy in innovation and revenue acceleration. Operations should not restrict technology, instead, it should look to simplify its management for development teams. Although developers like the self-service model of Kubernetes, it’s become clear that enterprises want some control and have opinions regarding which infrastructure, provider, and application services are best for the organization.
As multiple teams and developers within an organization adopt new Kubernetes applications, it’s important to centrally govern the clusters and workloads that accompany them in order to ensure consistent security, meet business needs, and efficiently configure and manage services across the digital landscape of our organizations.
But development organizations don’t have to battle cluster sprawl alone. There are new Kubernetes management applications and platforms that can help agencies orient their management and governance protocols and get their cluster sprawl under control.
These applications, including D2iQ’s Kommander, help agencies understand the financial impact of their cluster sprawl, give them consistent ways to monitor and obtain insights about their infrastructure, provide them with an environment in which they can create standardization across identities, and even reduce the potentially vulnerable surface area of software in use.
Utilizing a Kubernetes platform is an effective and efficient way for agencies to fence in their clusters and stem the sprawl.
