
How Kosli automates Change Management for Kubernetes workloads

Mike Long
Published February 23, 2022 in technology

If you’re delivering software in a regulated space, and you’re using Kubernetes, you’ll know how problematic change management is. On one hand, you have a highly dynamic, container-based system that’s constantly changing. On the other hand, regulatory obligations mean you must have a controlled and documented way of managing all of the changes in those systems.

And that’s not all. Knowing exactly what’s running in production at any given time is difficult enough, but it’s only half the battle. You also have to know how it got there and whether it’s in compliance with your defined process.

In this article I’ll explain how Kosli can automate the change management needs for your Kubernetes workloads.

What’s in production?

The most important use case for auditors and development teams is being able to give clear and reliable answers about what’s running in production.

You can get this information from several different sources:

  • Using the kubectl command line
  • Navigating the cloud console
  • Digging through pipeline deployments

These methods require access permissions and technical understanding that might not cross team boundaries. They are also likely to be barriers to non-technical stakeholders and auditor/compliance functions. In addition, these systems make it nearly impossible to “rewind the clock” and view the historical state of production, which is essential for compliance.

[Figure: Kosli diagram of what’s running in production]

Kosli helps teams answer this question in a way that is easy to set up with the rest of your DevOps tools. The Kosli client periodically sends the metadata of the workloads running in the cluster to the Kosli server. When Kosli receives this information, it is written to the append-only journal for that particular environment.

Once this is in place you have observability over your production workloads for debugging, troubleshooting, auditing, and security purposes. And Kosli stores the complete history, so you can now also look through the changes over time. What’s in production? Now? Last Thursday? On Christmas Eve? What are the recent changes to production? The answers to these questions are now at your fingertips.
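To make the append-only journal and the "rewind the clock" query concrete, here is an added sketch that is not Kosli's code. It assumes the journal is a SHA-256 hash chain (the article does not say how Kosli implements it); the class, method names and snapshot values are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Journal:
    """Append-only environment journal; each entry commits to the previous one."""

    def __init__(self):
        self._entries = []

    def append(self, ts: str, workloads: dict) -> None:
        # ts is an ISO-8601 UTC string, so string order equals time order.
        if self._entries and ts <= self._entries[-1]["ts"]:
            raise ValueError("snapshots must be appended in time order")
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        body = {"ts": ts, "workloads": dict(workloads), "prev": prev}
        self._entries.append({**body, "hash": _digest(body)})

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = GENESIS
        for e in self._entries:
            body = {k: e[k] for k in ("ts", "workloads", "prev")}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

    def state_at(self, ts: str) -> dict:
        """Workloads from the last snapshot taken at or before ts."""
        state = {}
        for e in self._entries:
            if e["ts"] > ts:
                break
            state = e["workloads"]
        return state


def build_sample() -> Journal:
    # Constructed snapshots: workload name -> image digest (placeholders).
    j = Journal()
    j.append("2021-12-20T09:00:00Z", {"api": "sha256:aaa", "web": "sha256:bbb"})
    j.append("2021-12-24T18:30:00Z", {"api": "sha256:ccc", "web": "sha256:bbb"})
    j.append("2021-12-27T10:15:00Z", {"api": "sha256:ccc"})
    return j
```

A chain like this makes edits to past entries detectable, but dropping the newest entries goes unnoticed unless the latest hash is also recorded somewhere the journal's operator cannot rewrite.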

[Screenshot: Kosli app, prod environment]

How did it get there?

You now have a full picture of how production is changing. But production is only the final part of the compliance story. For compliance purposes you also need to understand why systems change. You need to know that correct processes have been followed, with audit trails you can trust, across your entire software development landscape.

Basically, you want to track all of the changes that occur to an artifact on its journey from initial commit to production. That’s a lot of metadata, but it’s what is required to keep a dynamic, container-based system in compliance.

[Figure: Kosli pipeline diagram]

With Kosli, capturing all of this information is as simple as adding reporting commands in your DevOps pipeline. Again, Kosli stores all of this information in tamper-proof, append-only journals, giving your stakeholders confidence that all binary provenance, risk controls, and guardrails are in place.

Kosli makes it easy to:

  • Record binary provenance based on content addressable storage
  • Attest evidence of risk controls being performed
  • Create and record release approvals
  • Log deployments

Implementing Continuous Compliance

OK, so now you have the complete change history and event logs for production. You also have all of the metadata for each artifact’s journey to production. That means you have the building blocks required to achieve Continuous Compliance.

Continuous Compliance helps you to detect:

  • Unknown or undocumented workloads in production
  • Unapproved deployments
  • Failed deployments

Kosli uses the information from the pipelines (what should be in production) and compares this with what is actually in production. This provides you with a real time continuous audit. If there is a mismatch in expectations, or if any policies are not met, Kosli will alert you to take action in real time.
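The comparison described above can be sketched as follows. This is an added example, not Kosli's implementation: the record schema, the list of required controls and the sample workloads are assumptions made for illustration, with artifacts identified by the SHA-256 of their content.

```python
import hashlib
from dataclasses import dataclass, field

REQUIRED_CONTROLS = ("unit-tests", "vulnerability-scan")  # assumed policy


def fingerprint(artifact: bytes) -> str:
    """Content address of an artifact: SHA-256 over its bytes."""
    return hashlib.sha256(artifact).hexdigest()


@dataclass
class PipelineRecord:
    """What the pipeline reported for one artifact (hypothetical schema)."""
    name: str
    controls: dict = field(default_factory=dict)  # control name -> passed?
    approved: bool = False
    deployment_logged: bool = False


def audit(snapshot: dict, records: dict) -> dict:
    """Return findings per running workload; an empty list means compliant.

    snapshot: workload -> fingerprint observed running in the environment
    records:  fingerprint -> PipelineRecord
    """
    findings = {}
    for workload, digest in sorted(snapshot.items()):
        record = records.get(digest)
        if record is None:
            findings[workload] = ["unknown artifact: no provenance recorded"]
            continue
        issues = [f"control missing or failed: {c}"
                  for c in REQUIRED_CONTROLS if not record.controls.get(c)]
        if not record.approved:
            issues.append("no release approval")
        if not record.deployment_logged:
            issues.append("deployment not logged by pipeline")
        findings[workload] = issues
    return findings


# Constructed sample data (not real Kosli output).
API, WEB, ROGUE = (fingerprint(b) for b in (b"api:1.4", b"web:2.0", b"debug"))
RECORDS = {
    API: PipelineRecord("api", {c: True for c in REQUIRED_CONTROLS}, True, True),
    WEB: PipelineRecord("web", {"unit-tests": True}, deployment_logged=True),
}
SNAPSHOT = {"prod/api": API, "prod/web": WEB, "prod/tmp-debug": ROGUE}
RESULT = audit(SNAPSHOT, RECORDS)
```

Because the lookup key is the content hash rather than an image tag, a rebuilt or swapped image under the same tag shows up as an unknown artifact.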

[Screenshot: Kosli app, “is it verified” view]

The Kosli vision

We are strong believers in the potential for DevOps Change Management to free regulated teams to do their best work. For us it means giving them the ability to deploy compliant software changes without the manual documentation, gatekeeping, and other delays that are usually found in these industries.

We hope this has shown you how Kosli’s solution for continuous compliance and change management works for Kubernetes. We also support many other types of runtime, such as web servers, S3, Lambda, ECS, Fargate, and more. And if you have any questions about how Kosli can help you, please get in touch.

