First look at Tanzu Guardrails
Tanzu Guardrails (previously known as Aria Guardrails) is part of VMware Tanzu Hub and can be used as part of the Tanzu Hub Free tier (read more here).
But what is it for? It’s a complex solution defined by VMware as a multi-cloud governance service to scale end-to-end policy enforcement across clouds and Kubernetes. The service enables organizations to consistently enforce standards that help regulate cost, reduce risks, and optimize performance across clouds, Kubernetes and hosts. To make it simple, it provides end-to-end policy and consistency enforcement across clouds and K8s, which as we know isn’t simple, especially at a bigger scale.
Tanzu Guardrails in Tanzu Hub is available in the Governance tab, where you can find all the findings grouped by severity, source, category, type, etc., as shown in the screenshot below.
Each finding contains a pretty good description, to be honest, but also, what’s more important, the suggested action: the steps we need to (or should) perform in order to mitigate the risk and harden the environment. Below you can see a few examples related to AWS and Kubernetes that I got in my environment based on default settings:
Those are eye-opening because they yet again confirm that you cannot fully trust default settings. I got used to keeping the defaults that VMware provides as usually the best (or at least a decent) starting point, but that’s not the case with K8s or public clouds. Lots of vulnerabilities are present if you keep the defaults.
On the other hand, if you identify a false positive, or simply something you had to accept the risk for due to any reason, you can obviously suppress a finding so you are not bothered with it in the future.
Apart from generic findings for the entire environment, in Tanzu Guardrails we can define policies as well. Policies define how you monitor your cloud resources and accounts to ensure best practices are maintained. Having said that, you can activate a policy to receive findings when configurations in your cloud resources are not aligned with that policy. There are many pre-defined policy templates that meet industry or government standards, but it’s also possible to define your own policy to meet your organization’s specific needs.
In the next article I’m going to give you some examples and insights into policies and how to use them, so stay tuned!