Chef and Kubernetes

Accelerate Kubernetes Adoption Across All Applications with Chef Automation.

Chef KubeCon 2019 Highlights

Scale Kubernetes Adoption and Lower Maintenance Costs with Chef

Chef helps accelerate the adoption of high-value technologies like Kubernetes by building technology-agnostic automation that makes it easy to deliver compliant applications to any platform. Using Chef, DevOps teams build compact, immutable and hardened images that can be deployed on-premises, in the cloud, on Kubernetes, or on whatever platform comes next. This helps organizations ensure that any initial savings gained from implementing a new technology aren’t outweighed by higher operational overhead and compliance remediation costs in the future.

The Power of Kubernetes Depends on the Quality of Containers it Manages

Container solutions have provided organizations with the means to deliver applications in a way that’s lightweight, immutable, and portable. This, in turn, enables the creation of highly efficient, distributed architectures for their environments. While Kubernetes has improved how organizations schedule and orchestrate containers, it doesn’t address challenges related to container creation and maintenance, including:

  • Opaque Containers: Inspecting and determining what exactly is running in a live container can be difficult.
  • Security & Compliance: Detecting which containers and/or pods are affected by new regulatory requirements or threats and then planning remediation is not straightforward.
  • Non-Cloud Native Apps: Migrating older apps using a “lift and shift” approach moves the app and everything else running along with the app, resulting in bloated, hard-to-manage containers.

Less is More: Minimized Containers Maximize ROI

Kubernetes has no opinion on what goes into a container; it just runs them. The better the containers you give Kubernetes to manage, the better job it can do. Chef believes the best way to build good containers is to minimize what goes into them. The less you put into a container, the less you have to manage, and the less you have to worry about when that container becomes part of a Kubernetes cluster.

Drive Compliance with Curated CIS-Aligned Kubernetes Auditing Content

Chef Premium Content provided for auditing Kubernetes pods is directly aligned to CIS (Center for Internet Security) benchmarks. This minimizes the time and effort needed to audit Kubernetes pods. Chef Compliance for Kubernetes features standards-based audit and remediation content, easily tuned baselines to adapt to an organization’s needs, and visibility and control across hybrid and multi-cloud environments.

Chef’s Approach to Kubernetes

Chef delivers simplicity to Kubernetes by abstracting an application from the underlying operating system and bundling it with the dependencies it needs to run. By abstracting the application from both the internal (library) and external (service) dependencies, an immutable build artifact is created that is guaranteed to run the same in any environment. This not only creates a minimal build artifact, but one that can be easily inspected and audited, whether you’re building a new cloud-native application or migrating existing applications into modern environments.

“The combination of Chef Habitat and Kubernetes has significantly accelerated our microservices migration and expanded the number of teams that can move apps forward with cloud adoption.”

Nicholas Kirschbaum
Manager of Automation Platforms, Alaska Airlines

Benefits of Using Chef with Kubernetes

Efficiency

Create minimal, predictable container builds across all apps. Mount new secrets and config maps and reload services automatically.

Continuous Compliance

Applications built with Chef Habitat can be easily audited to ensure vulnerable libraries are not in use and compliance policy is being followed.

Portability

Apps are no longer dependent on underlying OS versions or infrastructure and can be easily ported across on-premises and cloud environments.

Solution Spotlight: Microsoft Azure Kubernetes Services

Chef Habitat offers direct support for publishing to Azure Container Registry (ACR), which allows customers to implement a seamless, integrated workflow from pushing code to GitHub to deploying to Azure Kubernetes Services (AKS).

Related Products

Chef App Delivery is an automation platform that enables DevOps teams to standardize the way they define run-time dependencies (like the jre or ruby) and build-time dependencies (like the jdk or gcc), how they initialize and run an app, and how that app interacts with other apps.

All of these outputs are then consolidated into a single artifact that can be easily consumed by any CI/CD system and run in any environment – bare metal, VM, or a container on platforms like Kubernetes or Red Hat OpenShift.

Chef Compliance is a framework for testing and auditing applications and infrastructure. Chef Compliance works by comparing the actual state of a system with the desired state of a system.

Chef Compliance can inspect a Docker container via the Docker API. This provides the ability to make assertions about a live, running container without requiring any changes to the container’s contents or build process.
