Variant selected Fairwinds Insights, the Kubernetes governance platform, to make it easy for developers to deploy applications as securely as possible.
Variant utilizes a combination of smart technology, a modern fleet of tractors, and a network of highly trained, professional drivers to efficiently move freight for a wide variety of customers. The company implements a range of digital initiatives and technology to drive innovation in the industry, streamline the value chain for customers, and improve the overall driver experience.
The platform engineering team at Variant is focused on building automated CI/CD pipelines. It owns an internal, custom-built tool that lets development teams request application resources via YAML. The platform team's tool will automatically deploy resources for the developer, including the Dockerfile, infrastructure-as-code, and role-based access control. Vibin Daniel, Manager, Platform Engineering, said, “At the same time, we try to ensure the applications have all the security fixes addressed at the build stage.”
With a platform engineering team of six serving sixty developers and running 10 Kubernetes clusters, Daniel’s team is focused on sprints, support and production deployment. Variant has an extensive production readiness checklist to ensure all applications meet Kubernetes and Terraform specifications, have secure infrastructure-as-code configuration, and adhere to Variant’s sizable guidelines, including checks that Kubernetes resource limits are set or whether an API has proper security authorization.
The platform engineering team manually undertakes the checklist each time a developer wants to deploy to prod. The manual task can take 3-5 days to complete, delaying time-to-market and consuming valuable engineering time and resources. Daniel said, “Two teams are impacted each time we want to deploy to production. The platform engineering team sprints are interrupted and our developers are stuck and frustrated with waiting.”
“We were not able to focus on platform engineering sprints because we had to keep up our developer support work. That’s when we knew we needed a tool to automate our checklists and provide developers with a tool that shows them what they need to fix in staging.”
Variant had two goals:
“We wanted to automate the deployment checklist before production so our developers can see in staging what they need to fix.”
Aware of the open source project, Polaris, by Fairwinds, Variant found Fairwinds Insights. Fairwinds Insights is a Kubernetes governance platform that helps platform engineering and DevOps teams set guardrails within the CI/CD process. With these guardrails, developers can identify missing configurations and get remediation advice, so they can fix problems and get to production faster. Users benefit from continuous automated scanning to improve security, enforce policy, optimize cloud spend and enable service ownership. The Fairwinds Insights Admission Controller runs every time a new resource is added to the cluster. If the resource violates policies, the Admission Controller rejects it and notifies developers of the required changes.
“Using Fairwinds Insights, the Kubernetes security guardrails we set are enforced, helping us reduce risk.”
Fairwinds Insights has completely replaced the manual deployment checklist. Now developers can view in staging what needs to be fixed, remediate the problems with detailed advice and deploy to production without the platform engineering team. “Every time an application is deployed to staging, developers are learning more of what’s required to get to production, providing on the job training.”
If new Kubernetes guardrails are required, the platform engineering team creates an Action Item in Insights, which integrates with Jira and creates a ticket so that developers know what changes are needed.
Insights saves the platform team one to two weeks of work, and developers even more time. “We’ve gone from a manual process over weeks to a fully automated process saving significant time and resources. My team can now focus on our sprints, the R&D work we prefer.”
Variant also integrated Open Policy Agent (OPA) custom policies with Insights to help improve application deployment. Vibin said, “We’ve created customized OPA policies that check to ensure that an application follows a certain OpenAPI specification standard before it is deployed in production. This has been accomplished with the help of the Insights APIs that allow us to check if the Action Items in stage have been fixed before a production deployment. If there are Action Items present in stage, then the Admission Controller in production will fail it. This helps us ensure that all Kubernetes configuration and application implementation requirements are handled before even reaching production.”
Variant plans to use the Insights application rightsizing and Kubernetes billing accuracy for AWS features to help optimize a high capacity node beta project. “We will use the Goldilocks report within Insights to help monitor our AWS usage to either save money or improve reliability, something we’ve already done to set CPU and memory resources appropriately in existing applications.”
Vibin confirms his team “will be integrating more and more with Insights and monitoring the AWS cost portion through the platform to decide whether it should be increased or decreased.”
“The ability to add custom reports to the Action Items is really powerful. We can have our own applications that create reports in Insights and plan to integrate Checkov Terraform vulnerability scanning and Prowler, an Open Source security tool to perform AWS security best practices assessments. Because of these security integrations, Insights will be shared by both the platform engineering team and the DevSecOps team.”
The Insights platform now solves all of these concerns through a single tool. “I tell my boss, Fairwinds is making my life easier, and everyone gets things done faster,” says Daniel.