{"id":5049,"date":"2022-12-08T08:00:00","date_gmt":"2022-12-08T08:00:00","guid":{"rendered":"http:\/\/www.sumologic.com\/blog\/kubernetes-devsecops"},"modified":"2025-06-17T11:26:33","modified_gmt":"2025-06-17T19:26:33","slug":"kubernetes-devsecops","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/blog\/kubernetes-devsecops","title":{"rendered":"Kubernetes DevSecOps vulnerabilities and best practices"},"content":{"rendered":"\n<section class=\"e-stn e-stn-0d652506f82b000a392973813b918ee25d5b4211 e-stn--glossary-inner-content e-stn--table-of-content\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-1f7b3997080fc292474d26ff00c905d99d3520fa e-col--content-wrapper  col-sm-12 col-lg-12 col-xl-12\">\n<div class=\"e-div e-div-a1b32f66e1749758df41d5aea14f647cd10e362c e-div--card-btn-link\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1400\" height=\"400\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/Kubernetes_DevSecOps-blog_700x200-1.png\" alt=\"\" class=\"wp-image-5045\" title=\"\"><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-fbfe1ae6ce5a8987569c8abbd8df4d72\">Containers and Kubernetes have revolutionized the way many teams deploy cloud-native apps. Capturing issues in a deployment pipeline and using machine intelligence to find security risks has gotten smoother since the onset of the Cloud Native Computing Foundation\u2019s OpenTelemetry project. Using a widely adopted open source container orchestration tool like Kubernetes has many benefits, but it also provides new attack vectors in a <a href=\"https:\/\/www.sumologic.com\/glossary\/continuous-integration\/\">CI<\/a>\/<a href=\"https:\/\/www.sumologic.com\/glossary\/continuous-deployment\/\">CD<\/a> pipeline. 
<a href=\"https:\/\/www.sumologic.com\/glossary\/telemetry\/\">Telemetry<\/a> standardization plays a key role in dispelling common or known issues, but it doesn\u2019t address every challenge.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-8709dccce4a53e9dfe4aaf85be0c64a1\">Key among those challenges is continuous security. By adding more layers and complexity to application environments, containers and Kubernetes create new opportunities for attackers and new threats for Kubernetes admins to address. And although Kubernetes provides certain built-in security features, those features are hardly enough to stop all attacks on their own.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-848420bdcb7423e2014ad7b4dbdd97db\">The following is an overview of Kubernetes security essentials, including the main types of security risks that exist in a Kubernetes-based environment, why securing Kubernetes is harder than securing non-containerized applications, and security best practices that teams can follow for maximizing Kubernetes container security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-aca5345c6fee64545b70c6b624433a0f\" id=\"kubernetes_vulnerabilities\">Kubernetes vulnerabilities<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-b9e02bb660f56a1bbd2265dd76de8b1d\">The main reason why securing Kubernetes is challenging is that Kubernetes is a sprawling platform composed of many parts. 
Each of those components carries its own security issues and risks.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-07769d670470a6a6c86114c245918ad3\">Here&#8217;s a rundown of the key parts of a Kubernetes environment and the most common security risks that affect them:<\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-31d71ffa9fe9041b7b9ab60c9d4cc80c\">Containers: <a href=\"https:\/\/www.sumologic.com\/glossary\/container\/\">Containers<\/a> can contain malicious code that was included in their container image. They can also be subject to misconfigurations that allow attackers to gain unauthorized access under certain conditions.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-88b66f1172ad2c9b97cd0ec9cd436784\">Host operating systems: Vulnerabilities or malicious code within the operating systems installed on Kubernetes nodes can provide attackers with a path into Kubernetes clusters.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-109e9d56a94ed240d2d704dd0b1777f7\">Container runtimes: Kubernetes supports various container runtimes. All of them could potentially contain vulnerabilities that allow attackers to take control of individual containers, escalate attacks from one container to another, and even gain control of the Kubernetes environment itself.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-3072c974e8ee96335384ece7880224f7\">Network layer: Kubernetes relies on internal networks to facilitate communication between nodes, pods, and containers. It also typically exposes applications to public networks so that they can be accessed over the Internet. 
Both network layers could allow attackers to gain access to the cluster, or, as before, escalate attacks from one part to another.&nbsp;<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-8001a33b6c2d71b37d4b0dba3e5f6900\">API: The Kubernetes API, which plays a central role in allowing components to communicate and apply configurations, could contain vulnerabilities or misconfigurations that enable attacks.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-9ad3a752d59ad75f2e4de151486d4505\">Kubectl (and other management tools): <a href=\"https:\/\/www.sumologic.com\/blog\/kubectl-logs\/\">Kubectl<\/a>, Dashboard, and other Kubernetes management tools might be subject to vulnerabilities that allow abuse on a Kubernetes cluster.<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-78290f15264663e8d4f0eb5d606799c2\" id=\"built-in_kubernetes_security_features\">Built-in Kubernetes security features<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-c734ddf66e37f43860236baa2f62f37e\">Kubernetes offers native security functions to protect against the threats described above, or at least to mitigate the potential impact of a breach. The main security features offered by Kubernetes include<\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-1ad193844b51d61b9373b5956849e6c5\">Role-based access control (RBAC): Kubernetes allows admins to define what it calls Roles and ClusterRoles, which specify which users can access which resources within a namespace or an entire cluster. RBAC provides one way to regulate access to resources. 
Modern security best practices dictate that all tools that you are using for deployment orchestration offer RBAC support.&nbsp;<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-6d53d04ef52b1b944306be4bb42d3f7e\">Pod security policies and network policies: Admins can configure pod security policies and network policies, which restrict how containers and pods behave. For example, pod security policies can be used to prevent containers from running as the root user, and network policies can restrict communication between pods.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-b50f8157fe65c05728bb808c0da2a14f\">Network encryption: Kubernetes uses Transport Layer Security (TLS) to encrypt network traffic, providing a safeguard against eavesdropping. This cryptographic protocol is another common standard security best practice and widely used in securing HTTPS, email, and messaging platforms.&nbsp;<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-9ad9e6e123c0b6b5a6bc05b68f8a96a4\">While these built-in Kubernetes security functions provide layers of defense against certain attacks, they do not cover all threats. 
Kubernetes uses primarily declaratively run environments, offering no native protections against the following types of attacks:<\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-e9d4f25768bd4ee1de72a885ede1822c\">Malicious code or misconfigurations inside containers or container images: To scan for these, you would have to use a third-party container scanning tool.&nbsp;<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-c6683f2a7b4937c7682cb1f0d6a56085\">Shadow IT deployments or changes: You don\u2019t specifically need malicious code to cause security concerns. Simply not going through your company\u2019s proper change management system and bypassing compliance will cause significant Kubernetes security challenges.&nbsp;<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-5c8c5ece7c1e76b82d4b18bac3301d95\">Security vulnerabilities on host operating systems: Again, you would have to scan for these using other tools. 
And although some Kubernetes distributions (like OpenShift) integrate SELinux or similar kernel-hardening frameworks to provide more security at the host level, this is not a feature of Kubernetes itself.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-6158dae1a6e8b7b1d4631e0e1ab029e5\">Container runtime vulnerabilities: as before, Kubernetes has no way to know or alert you if a vulnerability exists within your runtime, or if an attacker is trying to exploit a vulnerability in the runtime.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-d3e804fb6df51e387a802188ac52b860\">Abuse of the Kubernetes API: Beyond following any RBAC and security policy settings that you define, Kubernetes does nothing to detect or respond to API abuse.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-410a1eb190720bbfef102809fdcfd2d7\">Management tool vulnerabilities or misconfigurations: Kubernetes cannot guarantee that management tools (like Kubectl) are free of security problems. The same goes for your Helm chart deployments.&nbsp;<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-b749b51ee13925a0d93a69b43f9e0ed0\" id=\"kubernetes_hardening_best_practices\">Kubernetes hardening best practices<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-2eab4351ff37d9a1df068dce53f6975f\">Because the built-in security features of Kubernetes are limited, it&#8217;s critical for teams to take extra steps to secure their clusters. 
The following are some best practices for getting the most out of the security features Kubernetes offers and leveraging external tools and strategies to provide more security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-fecd08beffc3508a935b029e9a18f659\" id=\"configure_pod_security_and_network_policies\">Configure pod security and network policies<\/h3>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-804c17eb60d74515e81c1e230f20a1dd\">As noted above, security policies can be used to enforce restrictions for pods and networks. However, it&#8217;s important to understand that these policies are not configured and enabled in most Kubernetes distributions by default. Even if they are turned on by default in your distribution, you will likely need to tailor them to your needs.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-8a4f1902c8b75fb46dc734d96b890864\">A critical first step for your security team is to harden Kubernetes and ensure they set up and enforce these policies in a way that reflects your team&#8217;s needs. The level of strictness that applies in these policies will vary depending on how secure the cluster needs to be. 
For example, a production cluster is more likely to have more restrictive policies (such as policies that prevent write access to resources and prevent all non-essential network traffic) than a cluster used internally for a development pipeline, or for testing and deployment purposes (in which case very strict security policies are typically not as important because the cluster will not be running mission-critical apps connected to the public Internet).<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-d775cb495ffd91521fb8772e5100a758\" id=\"kubernetes_host_security\">Kubernetes host security<\/h3>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-7ddc6519f4ee993ec85cc448f0a50984\">Kubernetes is only as secure as the operating systems that power its nodes. Because Kubernetes cannot monitor or harden host operating systems, admins need to cover that ground themselves. This is of course required for on-premises hosts as well, regardless of whether you have containerized infrastructure or not.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-81fd192d082b01a5dc61cf2e7d7b3a1f\">It&#8217;s a best practice to choose a host Linux distribution with a minimal footprint because extraneous operating system apps or services that are not necessary for Kubernetes increase the attack surface needlessly. You might even use a bare-metal deployment setup, where no operating system is used at all (such as with IoT systems). It&#8217;s also a best practice to enable SELinux, AppArmor, or a similar security framework on the host system. These tools add another layer of protection against certain exploits targeting the host. 
Finally, user, group, and filesystem permissions should be properly configured on the host to ensure that only user accounts that should access the Kubernetes installation can.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-a9d3e1dda50c145ef4b110672b4065ea\" id=\"keep_your_runtime_secure_and_up-to-date\">Keep your runtime secure and up-to-date<\/h3>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-08839b5593b1269ff1988bedfae3a482\">No container runtime used in conjunction with Kubernetes is immune to security vulnerabilities. Therefore, one can never be certain the runtime is safe. However, you can mitigate the risk by keeping the runtime up-to-date.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-86beac1e3a5438aab8b79631718169a5\" id=\"leverage_logging_and_auditing_to_improve_security\">Leverage logging and auditing to improve security<\/h3>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-ab7e5a18ab3b03e61aa20fc2be8dac03\"><a href=\"https:\/\/www.sumologic.com\/guides\/log-analytics\/\">Log data<\/a> provide crucial insights into potential security breaches. It&#8217;s also critical for investigating past events. However, while Kubernetes provides facilities for generating log data, it provides no features for auditing or interpreting that data for any purpose, least of all for security. You, therefore, need to adopt third-party tools to leverage Kubernetes log data as a basis for security operations. <a href=\"https:\/\/www.sumologic.com\/guides\/log-management\/\">Read how centralized log management<\/a> is the key to reliable and secure applications.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-2ccad6003aed3c78692d0c0660ed9763\">Sumo Logic helps with this process by making it easy to aggregate and interpret Kubernetes logs. 
By installing the <a href=\"https:\/\/help.sumologic.com\/07Sumo-Logic-Apps\/10Containers_and_Orchestration\/Kubernetes\" target=\"_blank\" rel=\"noopener\">Sumo Logic Kubernetes App<\/a>, teams can put Kubernetes logs to work to detect anomalous activity on Kubernetes nodes and networks, and thus gain critical visibility into their Kubernetes environments.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-bfd74840bdaf26d1355ec0eeb1e4e8a2\">With Sumo Logic, you can put all these pieces together to build end-to-end observability in Kubernetes.<\/p>\n\n\n\n<ol>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-d26110fa6a4bc7f287b08ca66f719ac1\">Setup and Collection &#8211; The entire collection process can be set up with a single Helm chart. Fluentbit, Fluentd, Prometheus, and Falco are deployed throughout the cluster to collect log, metric, event and security data.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-f2fb5a8206f8966f16f5d625ff33ab85\">Enrichment &#8211; Once collected, the data flows into a centralized Fluentd pipeline for metadata enrichment. Data is enriched (tagged) with details about where it originated in the cluster: the service, deployment, namespace, node, pod, container, and their labels.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-5dd1967bd32957df2eefe5a06922bfae\">Sumo Logic &#8211; Finally, the data is sent to Sumo Logic via HTTP for storage, access, and, most importantly, analytics.<\/p>\n\n\n\n<\/li>\n<\/ol>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-2da10af52cdb0b643760352668e20063\">Note: Labels &#8211; When you create objects in Kubernetes, you can assign custom key-value pairs to each of those objects, called labels. 
These labels can help you organize and track additional information about each object. For example, you might have a label that represents the application name, the environment the pod is running in, or perhaps what team owns this resource. These labels are entirely flexible and can be defined as you need them. Our Fluentd plugin ensures that those labels are captured along with the logs, giving continuity between the resources you have created and the log files they are producing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-e769ba7ab29b24d2e0184b46912d8b33\" id=\"metadata_enrichment\">Metadata enrichment<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a3d24e0726e3b0c90015fe23901945d3\">Unified metadata enrichment is critical to building context about the data in your cluster and the components&#8217; hierarchy. Standalone Prometheus or Fluentd deployments give some context about the data &#8211; node, container, and pod level information &#8211; but not valuable insight into the service, deployment or namespace. <a href=\"https:\/\/www.sumologic.com\/blog\/sumo-logics-investment-in-otel\/\">Sumo Logic uses OpenTelemetry<\/a> to unify data collection.&nbsp;<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-af0f053c3f39299a33df89afb2553d27\">Using OpenTelemetry allows Sumo to eventually unify on a single collection agent for logs, metrics, and traces. This avoids vendor lock-in (such as with using Jaeger, FluentBit, Dynatrace, New Relic, etc.). By centralizing the collection method, Sumo Logic\u2019s solution lets you correlate data and discover causality across your Kubernetes infrastructure. 
Learn more in our <a href=\"https:\/\/www.sumologic.com\/guides\/opentelemetry\/\">ultimate guide to OpenTelemetry<\/a>.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-6ca6931daed1da51374ff5dbdbf2753e\">A key tenet of <a href=\"https:\/\/www.sumologic.com\/glossary\/kubernetes-monitoring\/\">Kubernetes monitoring<\/a> is having consistent metadata tagging across logs, metrics, traces, and events, without which it would be impossible to correlate data when troubleshooting. You can use this metadata when searching through your logs and metrics and use them together to have a unified experience when navigating your machine data.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-af23599b10b5b424053d1c3778631005\">The namespace overview gives quick visibility into pods experiencing issues, or in this case, in a CrashLoopBackOff state. As many of you may already know from previously troubleshooting this common error, it is most often caused by over-utilized resources and memory usage. 
Correlating signals in order to find causality in this case is much simpler with the use of OpenTelemetry via a single agent.&nbsp;<\/p>\n\n\n<div class=\"e-img \">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"1014\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/Namespace_Overview.png\" alt=\"Metadata Enrichment dashboard\" class=\"wp-image-5046\" title=\"\"><\/figure>\n<\/div>\n\n\n<p style=\"font-size:.9rem;\"><em>Namespace overview gives quick visibility into pods experiencing issues or, in this case, in a CrashLoopBackOff state.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-ff3c1e5ef5ed2a26eda5a509417974b4\" id=\"ingestion_into_sumo_logic\">Ingestion into Sumo Logic<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-3698cfb10f45e4a9e3eac9cc3ae68615\">There is tremendous value in having this data come to a single place. With metrics serving as the smoke detector, and logs enabling us to drill down to the root cause, unifying these data sources around a common metadata language enables us to easily correlate these signals. We can pivot from the metrics data about a cluster to the events data about a cluster to the logs data about an application.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-25973bc38fe7244a1e1256f9f1c34133\">Metadata enables us to build a hierarchical view of a cluster. By connecting pods to their services or grouping nodes by cluster, it becomes easier to explore the Kubernetes stack. 
By tapping into the Auto-discovery capabilities inherent in Prometheus, we can ensure that the hierarchy visualized in Sumo Logic is accurate and up to date.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-1160ca3341e23e8b34cb89669bc95a47\">Rich metadata enables Sumo Logic to automate building out the Explorer hierarchy of the components present in your cluster and keep the Explorer up to date as pods are added and removed.<\/p>\n\n\n<div class=\"e-img \">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"1014\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/PodResourceOverview.png\" alt=\"Ingestion into Sumo Logic dashboard\" class=\"wp-image-5047\" title=\"\"><\/figure>\n<\/div>\n\n\n<p style=\"font-size:.9rem;\"><em>Rich metadata enables Sumo Logic to automatically build out the explorer hierarchy of the components present in your cluster, and keep the explorer up to date as pods are added and removed.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-a48d8963c8cf8947ae455bfa22aff43e\" id=\"tying_together_devops_and_secops\">Tying together DevOps and SecOps<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-02ffdd524224c7f0c187b0f23274f81b\">Development needs to happen with security in mind. Code needs to be constructed so that logs are instructive and useful. Code analysis is critical, as is unified observability. All teams need to access the same data. There is still a deep division between these teams. As systems become more distributed, these teams (AND their data) need to come together.&nbsp;<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-ade2535d575ee9eabc9e0adc58b56c03\">Kubernetes is the perfect example of how teams can work together in distributed environments. 
With potentially hundreds of microservices running in an application, containerization and organized distributed systems that utilize Kubernetes become a necessity. Kubernetes is as distributed as it gets, and the architecture has a lot of built-in tooling that makes it easy to pull data from highly federated infrastructure.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-0b199789f9559b1d29ae3daf9c94a55e\">DaemonSets, for example, enable standardization for monitoring across nodes. Most deployments can collect the data, but fail by sending it to various, often disparate, backend tools for analysis.&nbsp;<\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-16f8d957faafa02217401d7d26aec02c\">The security team is only looking at compliance and threat data. But wouldn&#8217;t it be useful for them to know when deployments happen? What are the metrics across the cluster? These are useful investigative tools.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-f53d02328c20ffab319d1b25eab08337\">The development team might just look at the logging output to troubleshoot their application, but it is also critical that they look at the performance metrics of their application running in production.&nbsp;<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-fbdfbac8274d3e777710f09d4e282c3f\">Finally, the ITOps team needs observability data for the cloud infrastructure to ensure smooth deployments, but also to understand the apps running in that infrastructure.&nbsp;<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n<div class=\"e-img \">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"1014\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/ClusterOverview_integratedSecurityVisibility.png\" 
alt=\"Tying together DevOps and SecOps dashboard\" class=\"wp-image-5048\" title=\"\"><\/figure>\n<\/div>\n\n\n<p style=\"font-size:.9rem;\"><em>Security visibility is available at the cluster level alongside log, metric, and event data.<\/em><\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-d7fb4b3b71325f58d43d04108f854f5b\">Your security and development team can take this further by providing data about security policies and controls and relevant events in the context of the Kubernetes mental model.&nbsp;<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-b4ca22d8cb86fb9ce1601a3ac36e231d\"><a href=\"https:\/\/www.sumologic.com\/application\/kubernetes\/\">Learn more about Sumo Logic\u2019s DevSecOps platform for Kubernetes.<\/a>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":234,"featured_media":0,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"8","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"blog-category":[132,125,127],"blog-tag":[]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_rel
ated_posts":"4668,71369,71176","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"blog-category":[132,125,127],"blog-tag":[],"class_list":["post-5049","blog","type-blog","status-publish","hentry","blog-category-containers","blog-category-devops-it-operations","blog-category-secops-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/5049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/234"}],"version-history":[{"count":5,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/5049\/revisions"}],"predecessor-version":[{"id":26926,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/5049\/revisions\/26926"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=5049"}],"wp:term":[{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-category?post=5049"},{"taxonomy":"blog-tag","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-tag?post=5049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}