SIG-Auth Bolstering Security Authorization in Kubernetes

Today’s topics include Kubernetes security authentication moving forward with SIG-Auth, and Elastifile providing scalable file storage for Google Cloud.

One of the primary Special Interest Groups within Kubernetes is SIG-Auth, whose members are tasked with looking at authorization security issues. At KubeCon + CloudNativeCon NA 2018 in Seattle last week, SIG-Auth leaders outlined how the group works and its current and future priorities for the Kubernetes project.

"SIG-Auth is responsible for designing and maintaining parts of Kubernetes, mostly inside the control plane, that have to deal with authorization and security policy," said Google Software Engineer Mike Danese.

He said SIG-Auth has multiple subprojects detailed in the group's GitHub repository. Those subprojects include audit, encryption at rest, authenticators, node identity/isolation, policy, certificates and service accounts.

Over 2018, SIG-Auth added a number of security authorization features to Kubernetes, including better node isolation, protection of specific labels and self-deletion, and better audit capabilities.

Elastifile, a new-gen provider of enterprise-grade, scalable file storage for the public cloud, announced on Dec. 11 the introduction of a fully managed, scalable file storage service for Google Cloud Platform. Using its tight integration with Google Cloud infrastructure, Elastifile Cloud File Service makes it easy to deploy, manage and scale enterprise file storage in the public cloud.

According to CEO Erwan Menard, the software runs on any server and can use any type of flash media, including 3D and TLC. He also said Elastifile brings flash performance to all enterprise applications while reducing the Capex and Opex of virtualized data centers, and simplifies the adoption of hybrid cloud by extending file systems across on-premises and cloud deployments.

It also outperforms AWS—both in speed of data transfer and in pricing, Menard claimed.