Winterizing Your Kubernetes Clusters

Here we are halfway through the second week of November. Within the next few days and weeks, many of you will be taking much-needed time off to rest, rejuvenate and spend time with friends and family. 

If you are like many organizations that run Kubernetes and cloud infrastructure then you are undoubtedly heading towards your first or final code freeze for the holidays. However, before you start cutting off the lights and heading out, lets make sure we take care of a few housekeeping duties.

1.Do you want Kubernetes to respond or react?

How should your clusters scale? If so, have you checked with your cloud provider to see if they have enough resources in your region to allocate for you? Would you like to be notified during the scale or after? Or would you prefer a manual scaling of your cluster and its resources? Have you tested the speed at which you expect your cluster to scale with your apps? The bottom line is a reaction is swift and relentless a response has been carefully considered and planned, which would you prefer?

2. Have you secured your cluster for the long nights?

Many teams are already short-staffed due to the great resignation of 2021 and it will be even worse during the holiday season. According to a Bloomberg article this past Labor Day, there is a “history” of cyber incidents hitting around holidays and agencies say they’ve observed an increase in “highly impactful” ransomware attacks occurring on holidays and weekends, when offices are normally closed.

Here are some quick tips to lessen the ease of attack

• Use Role Based Access Controls (RBAC)

• Make your Kubernetes API Endpoint Private

• Utilize encryption where available

• Secure/Harden your Nodes and Pods 

• Eliminiate Container Security Risks

• Enable auditing, logging, monitoring, alerting, and tracing

3. Discuss Outages and Plan Ahead

Talk to your stakeholders about getting hacked, having an outage, compute resources being unavailable, then come up with a plan of attack. Customers are depending on your app and services being available and if you can do something now to better address that potential situation then you should. Yes, it is time-consuming but if you fail to plan you plan to fail.

Winter Emergency Kit:

• AWS Key Management Service (KMS) Envelope Encryption

• Cloud KMS

• Security Concepts for AKS

• Falco Runtime Security for Containers

• Open Policy Agent

• NSA Kubernetes Hardening Guidance

Let Us Help You:

ThnkBiG is a global technology services, solutions, and staffing firm specializing in Kubernetes Implementation & Operationalization and DevOps Cloud Services to small medium-sized businesses, smb commercial, and government customers. Our managed and consulting services are a cost efficient option, and we scale as your needs do. With our SRE expertise, we operationalize Kubernetes environments both large and small using best practices, automation, cloud-native open-source tools, and technology.

Related Content