Unify Kubernetes Access Across all your Application Environments

Ramanan Subramanian

Kubernetes deploys and manages containerized applications. A Kubernetes cluster consists of the compute nodes and the control plane used to manage a set of workloads on the cluster. Although some organizations opt for a single Kubernetes cluster for all their applications, often multiple clusters are necessary for a variety of scenarios. Examples of scenarios are preference of a specific cloud provider and its services for specific use cases, administrative isolation of disparate organizations managing each cluster, choice of different regions for compliance, or deploying in different environments with different objectives, such as development, staging, production, or third-party environments.

Need for unified access.

Deploying Kubernetes clusters requires application platform teams to manage “master” (control) nodes. These are special nodes that host the control plane orchestrating the containerized applications running in “worker” (compute) nodes. Platform teams access and instrument the control plane to perform tasks, such as scaling, backups, troubleshoot services, and ensuring availability. Instead of allowing developers access to “worker” nodes via SSH commands, organizations prefer to allow them fine-grained policy based access to the control plane via kubectl commands from the terminal. For instance, certain members might only be able to execute “get pods” or access “logs” to debug and troubleshoot their pods in production environments, but won’t have access to “delete pods”

Managing users manually in a single cluster can be a laborious task, and the complexity increases significantly when you have to manage their access across multiple clusters. Adopting best practices like creating short-lived certificates for users in your clusters may also become a significant time sink. You frequently have to generate new certificates as they expire, and share them securely with the respective users. Additionally, exporting kubeconfigs (client side file to access the cluster) can become another operational challenge.

Although kubectl enables end-users to switch between clusters, it alone is inadequate. To manage access to multiple clusters effectively and securely, a solution with the following features is necessary:

  • Capable of securing both cluster and user credentials.
  • Easy management of user access to multiple clusters.
  • Extends to existing clusters without modifying cluster configuration.
  • Scales access to as many clusters as required.

Ubyon makes secure access management to multiple Kubernetes clusters easy.

Ubyon simplifies the management of access to multiple Kubernetes clusters. It allows for easy onboarding of users into your clusters and implements security best practices including:

  • Modern authentication (SSO, MFA, biometric, passwordless) initiatives before granting user access.
  • Dynamically and periodically updated kubeconfig.
  • Short-lived certificates to minimize the risk of compromised user credentials.
  • Fine-grained access with RBAC policies and user impersonation.
  • Auditing is provided, which includes monitoring of servers and connections, as well as a comprehensive audit log for security and compliance.

LaunchPad screenshot

Managing access to multiple clusters across various application environments can be challenging. Ubyon provides an easy-to-use interface through a single dashboard that allows you to manage and control user's access to your clusters, monitor user activities on each cluster, and more.

See our video post demonstrating how to access Kubernetes clusters.