Scale Kubernetes Adoption and Lower Maintenance Costs with Chef
Chef helps accelerate the adoption of high-value technologies like Kubernetes by building technology-agnostic automation that makes it easy to deliver compliant applications to any platform. Using Chef, DevOps teams build compact, immutable and hardened images that can be deployed on-premises, in the cloud, on Kubernetes, or on whatever platform comes next. This helps organizations ensure any initial savings gained from the implementation of a new technology aren’t outweighed by higher operational overhead and compliance remediation costs in the future.
The Power of Kubernetes Depends on the Quality of Containers it Manages
Container solutions have provided organizations with the means to deliver applications in a way that’s lightweight, immutable, and portable. This, in turn, enables the creation of highly efficient, distributed architectures for their environments. While Kubernetes has improved how organizations schedule and orchestrate containers, it doesn’t address challenges related to container creation and maintenance, including:
- Opaque Containers: Inspecting and determining what exactly is running in a live container can be difficult.
- Security & Compliance: Detecting which containers and/or pods are affected by new regulatory requirements or threats and then planning remediation is not straightforward.
- Non-Cloud Native Apps: Migrating older apps using a “lift and shift” approach moves the app and everything else running along with the app, resulting in bloated, hard-to-manage containers.
Less is More: Minimized Containers Maximize ROI
Kubernetes has no opinion on what goes into a container; it just runs them. The better the containers you give Kubernetes to manage, the better job it can do. Chef believes the best way to build good containers is to minimize what goes into them. The less you put into a container, the less you have to manage, and the less you have to worry about when that container becomes part of a Kubernetes cluster.
Drive Compliance with Curated CIS-Aligned Kubernetes Auditing Content
Chef Premium Content provided for auditing Kubernetes pods is directly aligned to CIS (Center for Internet Security) benchmarks. This minimizes the time and effort needed to audit Kubernetes pods. Chef Compliance for Kubernetes features standards-based audit and remediation content, easily tuned baselines to adapt to an organization’s needs, and visibility and control across hybrid and multi-cloud environments.
Chef’s Approach to Kubernetes
Chef delivers simplicity to Kubernetes by abstracting an application from the underlying operating system and bundling it with the dependencies it needs to run. By abstracting the application from both the internal (library) and external (service) dependencies, an immutable build artifact is created that is guaranteed to run the same in any environment. This not only creates a minimal build artifact, but one that can be easily inspected and audited, whether you’re building a new cloud-native application or migrating existing applications into modern environments.
By building containers with Chef Habitat, organizations can dramatically increase the quality of the containers they build and reduce the time and effort it takes to deploy and maintain applications in Kubernetes.
Benefits of Using Chef with Kubernetes
Create minimal, predictable container builds across all apps. Mount new secrets and config maps and reload services automatically.
Applications built with Chef Habitat can be easily audited to ensure vulnerable libraries are not in use and compliance policy is being followed.
Apps are no longer dependent on underlying OS versions or infrastructure and can be easily ported across on-premises and cloud environments.
Microsoft Azure Kubernetes Services
Chef Habitat offers direct support for publishing to Azure Container Registry (ACR), which allows customers to implement a seamless, integrated workflow from pushing code to GitHub to deploying to Azure Kubernetes Services (AKS).
Chef App Delivery is an automation platform that enables DevOps teams to standardize the way they define run-time dependencies (like the jre or ruby) and build-time dependencies (like the jdk or gcc), how they initialize and run an app, and how that app interacts with other apps.
All of these outputs are then consolidated into a single artifact that can be easily consumed by any CI/CD system and run in any environment – bare metal, VM, or a container on platforms like Kubernetes or Red Hat OpenShift.
Chef Compliance is a framework for testing and auditing applications and infrastructure. Chef Compliance works by comparing the actual state of a system with the desired state of a system.
Chef Compliance can inspect a Docker container via the Docker API. This provides the ability to make assertions about a live, running container without requiring any changes to the container’s contents or build process.