Getting Started

Introduction

AuditKube

Kubernetes is still new, and many of the practices already established elsewhere for compliance environments still need to be addressed on it. AuditKube is an open source Terraform module that attempts to create a complete compliance-oriented Kubernetes setup on AWS, Google Cloud and Azure. It adds security controls such as additional system logs, file system monitoring, hard disk encryption and access control. Further, we set up the managed Redis and SQL services on each of the cloud providers with access limited to the Kubernetes cluster, so things are further locked down. All of this should make setting up a HIPAA / PCI / SOC2 environment straightforward and repeatable.

DeployTag

We use Helm, the package manager for Kubernetes, to deploy your applications in a repeatable manner from CI/CD systems such as CircleCI. DeployTag allows you to deploy Git branches as completely isolated environments using Helm + AWS Secrets Manager. This last piece lets us configure secrets in a way that helps keep you as cloud agnostic as possible. The goal is to help you and your team develop, test and deploy features quickly.

Command Line Tools

Mac

brew install kubectl kubernetes-helm awscli google-cloud-sdk azure-cli terraform packer

AWS

Add your IAM credentials to ~/.aws/credentials.

[profile_name]
aws_access_key_id=<access_key>
aws_secret_access_key=<secret_key>
region=us-west-2
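Because this file holds long-lived IAM keys, it is worth checking two things before the tooling relies on it: that the named profile really contains both keys (and not the placeholders from the template above), and that the file is readable only by its owner. The following POSIX shell function is an added example, not part of the AuditKube or DeployTag documentation; the function names check_aws_profile and write_sample_credentials are assumptions, and the credentials file the second function writes is constructed for demonstration and contains no real keys.

```shell
#!/bin/sh
# Added example (not from the AuditKube/DeployTag docs): validate a
# ~/.aws/credentials-style file before depending on it.
# Usage: check_aws_profile <credentials-file> <profile_name>
# Returns 0 when the profile is usable, a distinct non-zero code otherwise.
check_aws_profile() {
    creds="$1"
    profile="$2"

    [ -f "$creds" ] || { echo "no such file: $creds"; return 1; }

    # The file stores long-lived secrets: only the owner may read it.
    # GNU stat (-c) is tried first, then BSD/macOS stat (-f).
    mode=$(stat -c '%a' "$creds" 2>/dev/null || stat -f '%Lp' "$creds")
    case "$mode" in
        600|400) ;;
        *) echo "insecure mode $mode on $creds (expected 600)"; return 2 ;;
    esac

    # Extract the [profile] section: lines after its header up to the next header.
    section=$(awk -v p="[$profile]" '
        $0 == p { found = 1; next }
        /^\[/   { found = 0 }
        found   { print }' "$creds")
    [ -n "$section" ] || { echo "profile [$profile] not found in $creds"; return 3; }

    # Both key fields must be present and must not still be template placeholders.
    for key in aws_access_key_id aws_secret_access_key; do
        value=$(printf '%s\n' "$section" | awk -F= -v k="$key" '
            { gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2) }
            $1 == k { print $2 }')
        case "$value" in
            ""|"<"*) echo "$key missing or still a placeholder in [$profile]"; return 4 ;;
        esac
    done
    return 0
}

# Constructed sample file (not real credentials) used to exercise the check.
# Prints the path of the file it created; the caller removes the directory.
write_sample_credentials() {
    dir=$(mktemp -d)
    cat > "$dir/credentials" <<'EOF'
[profile_name]
aws_access_key_id=AKIAEXAMPLEPLACEHOLDER
aws_secret_access_key=example-secret-placeholder-not-a-real-key
region=us-west-2

[other]
aws_access_key_id=<access_key>
aws_secret_access_key=<secret_key>
EOF
    chmod 600 "$dir/credentials"
    printf '%s\n' "$dir/credentials"
}
```

Run it against your real file with check_aws_profile ~/.aws/credentials profile_name; a non-zero exit explains which of the four conditions failed, so it can be dropped into a pre-flight step of the same CI job that runs Terraform.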

SAML

If you set up a user via SAML access through Okta, G Suite or Office 365, they are automatically logged in with a default role. Modify this role to include the following additional access:

ACCESS_NEEDED

Once that is done, we need to give them access to the EKS cluster. To do this, add them to the iam_users list that you used to create the cluster. This creates the RBAC mapping that grants them access to the cluster.

Foxpass

Use the documentation on the Foxpass website to configure users.