KIUBIT DevSecOps is an industry best practice based CI/CD toolchain that is designed to help customers quickly and easily deploy the tools necessary for developers to create cloud native applications and support adoption of containerized applications.
It collects and integrates technologies that serve Devs and Ops to deploy new applications securely on any Kubernetes platform.
Deploy DevSecOps in minutes not in days
Security controls for every component of the deployment chain
Full transparency of the development cycle
Set up DevOps quickly and easily
Deploying and adopting Cloud Native applications is quickly becoming a necessity for digitalization efforts and managing how such applications are consumed is an important factor of successful projects.
Considering aspects of cloud native application delivery can be a complicated effort, which is why Kiubit DevSecOps was created. It is a concept of best practices, technologies and Datalounges engineering that helps customers both have industry leading tools for Devs and controls for Ops.
Kiubit DevSecOps is how you create a CI/CD pipeline with vulnerability checking and easy to use provisioning for cloud native applications on any Kubernetes platform.
Easy DevSecOps with cost under control
Kiubit DevSecOps is a combination of Datalounges engineering and containerized software.
Each project to set up DevSecOps practices has its own characteristics for which purpose Kiubit DevSecOps starts with a discovery workshop to outline the use cases. The target platform for running the services is decided and finally the deployment is made. Every component is available as free and open source software with an option for an enterprise subscription.
For basic use cases the cost is a combination of Datalounges services and prepared containerized technologies. Datalounges recommends setting up Kiubit DevSecOps for testing in Tuuli Managed Kubernetes Service and then deciding the production based on support requirements.
Please refer to firstname.lastname@example.org for a quote to deliver your own Kiubit DevSecOps service.
Kiubit DevSecOps – integrated Dev and Ops toolchain
According to a Datalounges study of over 100 Nordic companies and organisations, the enabling of agile development methods and adoption of containerized applications is a challenging task.
Kiubit DevSecOps is designed as a concept to help customers become more agile, scale DevSecOps across their organization and securely adopt containers their software vendors and partners are providing.
The concept considers the most common adoption routes for cloud native applications such as own development teams, software vendors, partner development teams and operations teams which each have their own considerations for containers.
Developers are provided with containerized development tools, an automation is created which makes containers of the code created by developers and a private registry that checks the containerized applications for security vulnerabilities is included to keep cloud native applications with security considerations from entering test or production. Additionally operations are provided with an easy to use provisioning tool that helps administrators with limited Kubernetes experience to deploy workloads easily.
Containers built by others than own developers can be placed directly to the registry for security checking and provisioning.
The automation’s have been designed to keep the deployments under control while not sacrificing any of the agility gains from DevOps adoption.
Containerized technology automation
Kiubit DevSecOps is a combination of best-in-class containerized infrastructure components and Datalounges engineering
Developer interface of choice is a containerized Git, which allows developers to use the same tool they are used to for versioning the code.
An integrated CI/CD is included to build containers automatically based on Datalounges provided scripts and to place the containers in a private registry based on their naming.
The private registry configurations control the automated provisioning and the security controls necessary for a modern DevSecOps solution. It scans the containers for vulnerabilities and has policies to control unsecure containers. The registry works as a gatekeeper and scans containers regularly to keep the ops update on container security.
For admins there is an easy to use web interface to provision containerized micro services to production or test which helps ease the management burden of containerization.
An Ingres is also included in the base deployment to manage connections outside the Kubernetes cluster.
Typical workflow allows developers to automate delivery of containers from code directly to a test namespace in a selected Kubernetes platform unless they have security vulnerabilities. When code is promoted to production the containers are placed in a different group in Harbor to have Ops admins to do the provisioning to production clusters for handover between Devs and Ops.