DEVOPSdigest

Rafay Systems launched a new open-source software project named Paralus to enable secure, audited access for developers, operations, SREs and CI/CD tools to remote Kubernetes (K8s) clusters.

Paralus offers access management for developers, architects, and CI/CD tools to remote K8s clusters by consolidating zero-trust access principles such as transaction level authentication and authorization into a single open-source tool. It helps engineering and architecture teams streamline access control for their fleet of K8s clusters spanning different operating environments, different public clouds and K8s distributions, and on-premises data centers operating behind firewalls.

Paralus provides a frictionless way for developers and architects to leverage open-source software that uses zero-trust principles to secure access to all K8s environments and harden security practices for cloud-native applications.

Paralus grants authorized users seamless and secure access to all clusters with a native and familiar kubectl experience by acting as a proxy between the users and systems needing access and the K8s API server. It also addresses one of K8s' main pain points by eliminating the burden of managing K8s access controls cluster by cluster. Without Paralus, companies must manually manage access to each cluster using jump hosts or VPNs, and build custom tooling to audit and map all actions performed to a user's identity – all of which which is error-prone and increases the risk of breaches as the number of clusters grows.

Along with helping directly manage role-based access control (RBAC) policies and assignments, Paralus enables:

- Creation of custom roles, users, and groups

- Dynamic and immediate changing and revoking of permissions

- Ability to control access via pre-configured roles across clusters, namespaces, projects, and more

- Seamless integration with Identity Providers (IdPs) allowing the use of external authentication engines for users and group definitions, such as GitHub, Google, Azure AD, Okta, and others

- Automatic logging of all user actions performed for audit and compliance purposes

- Flexible workflows with a modern web GUI, a CLI tool called pctl, and a Paralus API

"While Kuberentes is the de facto standard for container orchestration, companies have significant challenges related to securing this new, mission critical infrastructure. Rafay is leveraging its industry leadership and unmatched expertise in the Kubernetes arena to contribute this highly valuable asset to the community," said Haseeb Budhani, CEO and co-founder of Rafay Systems. "Today, Paralus' capabilities are the most widely used in the company's Kubernetes Operations Platform offering, and has been battle tested by thousands of architects, developers, operations, and DevSecOps professionals at world-leading companies. We are excited to open source this technology, submit Paralus to the Cloud-Native Computing Foundation (CNCF), and assist the broader community in solving this critical access management issue that plagues Kubernetes deployments."