Kubernetes is still new, and many of the controls established elsewhere for compliance environments still need to be addressed on it. AuditKube is an open source Terraform module that attempts to create a complete compliance-oriented Kubernetes setup on AWS, Google Cloud and Azure. It adds security controls such as additional system logs, file system monitoring, hard disk encryption and access control. Further, we set up the managed Redis and SQL on each of the cloud providers with access limited to the Kubernetes cluster so things are further locked down. All of this should make setting up a HIPAA / PCI / SOC2 environment straightforward and repeatable.
We use Helm, the package manager for Kubernetes, to deploy your applications in a repeatable manner from CI/CD such as CircleCI. DeployTag allows you to deploy Git branches as completely isolated environments using Helm + AWS Secrets Manager. This last piece allows us to configure secrets so that we can help make you as cloud agnostic as possible. The goal is to help you and your team develop, test and deploy features quickly.
Command Line Tools
brew install kubectl kubernetes-helm awscli google-cloud-sdk azure-cli terraform packer
Add your IAM credentials in
[profile_name]
aws_access_key_id=<access_key>
aws_secret_access_key=<secret_key>
region=us-west-2
If you set up a user via SAML access through Okta, G Suite or Office 365, they are automatically logged in with a default role. Modify this role to include the following additional access:
Once that is done, we need to give them access to the EKS cluster. To do this, add them to the iam_users list that you used to create the cluster. This creates RBAC access to the cluster for those IAM users.
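On EKS, IAM users are mapped into Kubernetes RBAC through the mapUsers block of the aws-auth ConfigMap in kube-system, so the iam_users list ends up there. The following is an added example, not part of AuditKube, that reads that block and reports which mapped users were granted system:masters or any group outside an allowed set; it assumes the block is fetched with kubectl as shown in the docstring and only handles the standard userarn/username/groups layout, not arbitrary YAML.

```python
"""Audit which IAM users aws-auth maps into Kubernetes RBAC groups.

Input is the text printed by:
  kubectl -n kube-system get configmap aws-auth -o jsonpath='{.data.mapUsers}'
"""

# Constructed sample mapUsers block (not taken from a real cluster).
SAMPLE_MAP_USERS = """\
- userarn: arn:aws:iam::111122223333:user/alice
  username: alice
  groups:
    - system:masters
- userarn: arn:aws:iam::111122223333:user/bob
  username: bob
  groups:
    - developers
"""


def parse_map_users(text):
    """Parse the list-of-maps layout of mapUsers into dicts.
    Handles only the userarn/username/groups shape EKS uses."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- userarn:"):
            current = {"userarn": line.split(":", 1)[1].strip(), "groups": []}
            entries.append(current)
        elif line.startswith("username:") and current is not None:
            current["username"] = line.split(":", 1)[1].strip()
        elif line.startswith("- ") and current is not None:
            # A list item under 'groups:' (the bare 'groups:' key needs no action).
            current["groups"].append(line[2:].strip())
    return entries


def cluster_admins(entries):
    """Usernames mapped into system:masters, i.e. full cluster admin."""
    return [e["username"] for e in entries if "system:masters" in e["groups"]]


def unexpected_groups(entries, allowed):
    """(username, group) pairs that fall outside the allowed RBAC groups."""
    return [(e["username"], g) for e in entries
            for g in e["groups"] if g not in allowed]


if __name__ == "__main__":
    parsed = parse_map_users(SAMPLE_MAP_USERS)
    print("cluster admins:", cluster_admins(parsed))
    print("outside allowed groups:", unexpected_groups(parsed, {"developers"}))
```

In a real cluster, pipe the kubectl output into parse_map_users and review anyone listed by cluster_admins, since iam_users entries should normally land in a scoped group rather than system:masters.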
Use the documentation on the Foxpass website for how to configure users.