Policy-Driven Storage Governance: How Nirmata is Helping Secure Rakuten Cloud Products


Co-Author & Guest Contributor: Sadeek Mohammad (Rakuten Cloud)

 

Introduction

In today’s cloud-native world, managing storage effectively in Kubernetes environments is crucial for security, compliance, and operational efficiency. Rakuten Cloud and Nirmata are partnering to bring policy-based governance to Rakuten Cloud-Native Platform and Rakuten Cloud-Native Storage, ensuring that enterprise storage is secure, resilient, and compliant.

Rakuten Cloud-Native Platform and Rakuten Cloud-Native Storage are CNCF-conformant, Kubernetes-based platforms that automate the deployment, scaling, and lifecycle management of data- and network-intensive applications. Without automated guardrails, however, storage misconfigurations, security weaknesses, and compliance gaps can creep in. By integrating Nirmata’s policy-driven governance with Rakuten Cloud products, we aim to automate compliance, simplify audits, and block misconfigurations before they reach the cluster, delivering scalable, enterprise-ready storage management.

 

The Challenge: Securing and Governing Kubernetes Storage

Kubernetes provides flexibility for managing stateful workloads, but storage governance remains a challenge. Organizations must ensure that:

  • Storage classes are consistently defined and enforced.
  • Data replication and snapshots are properly managed to prevent data loss.
  • Port security is enforced to prevent conflicts and vulnerabilities.
  • Certificates and encryption policies are implemented to safeguard sensitive data.
  • HTTPS enforcement ensures secure communication between services.
  • Automated compliance checks simplify audits and regulatory adherence.

These challenges are particularly critical in industries like Financial Services, where compliance and data integrity are paramount. Without proactive governance, misconfigurations can lead to security breaches, operational failures, and costly downtime.

 

The Solution: Policy-Based Governance with Kyverno & Rakuten Cloud-Native Platform

To address these challenges, Nirmata Control Hub provides policy-based governance for Rakuten Cloud-Native Platform through Kyverno-based policies. These policies enable:

Storage Class Governance

  • Enforcing “Robin” as the default storage class.
  • Requiring LZ4 compression to optimize storage efficiency.

Volume Management Policies

  • Data replication enforcement for high availability.
  • Snapshot management to ensure recovery options.
  • Prevention of storage capacity failures through policy-based monitoring.

Security Guardrails

  • Enforcing HTTPS for all communications.
  • Protecting reserved ports to avoid conflicts.
  • Ensuring certificate security to prevent unauthorized access.
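To make the first Storage Class Governance item concrete, here is a Kyverno policy of the kind that would enforce it. This is an added example written for this page, not one of the Rakuten policies published in Nirmata’s partner-policies repository; the policy name, rule name and message are assumptions. It expresses “Robin is the default” as “no StorageClass outside the robin* family may carry the default-class annotation”, which is the part an admission-time validate rule can check object by object. Whether a Robin StorageClass actually exists and is marked default is a cluster-wide invariant that a single-object rule cannot assert; that needs a background scan or a separate check.

```yaml
# Added example (assumed names): refuse the default-class annotation on any
# StorageClass that is not part of the robin* family.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-default-storageclass
  annotations:
    policies.kyverno.io/category: Rakuten CNS
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: StorageClass
    policies.kyverno.io/title: Only Robin May Be the Default StorageClass
spec:
  validationFailureAction: Enforce
  background: true            # also report existing offenders in ClusterPolicyReports
  rules:
    - name: only-robin-may-be-default
      match:
        any:
          - resources:
              kinds:
                - StorageClass
      exclude:
        any:
          - resources:
              names:
                - "robin*"    # robin classes are allowed to be the default
      validate:
        message: >-
          Only a 'robin*' StorageClass may be the cluster default; remove the
          storageclass.kubernetes.io/is-default-class=true annotation.
        pattern:
          metadata:
            # =() is a conditional anchor: the check applies only if the key exists,
            # so StorageClasses without annotations still pass.
            =(annotations):
              =(storageclass.kubernetes.io/is-default-class): "false"
              # Kubernetes still honours the legacy beta annotation, so cover it too.
              =(storageclass.beta.kubernetes.io/is-default-class): "false"
```

Because StorageClass is cluster-scoped, there is no namespace selector to worry about; the `exclude` block is what keeps the rule from rejecting the Robin classes themselves. Kubernetes tolerates several StorageClasses marked default (newer releases pick the most recently created one), so an admission rule like this is what keeps a second, non-Robin default from silently capturing new PersistentVolumeClaims.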

 

Implementation: Deploying Guardrails for Rakuten Cloud-Native Platform

The implementation involves a seamless integration of Nirmata Control Hub with Rakuten Cloud-Native Platform. Here’s a breakdown:

1. Kyverno Policy Deployment:

  • Pre-built Kyverno policies, tailored for Rakuten Cloud-Native Platform, are deployed via Nirmata Control Hub.
  • These policies are configured to enforce the desired storage governance rules.
  • For a comprehensive list of all the policies, please visit this GitHub repo: https://github.com/nirmata/partner-policies/tree/main/rakuten

2. Sample Policy: Enforcing LZ4 Compression

  • To illustrate, here’s a sample Kyverno policy that enforces LZ4 compression for Robin storage classes:

    apiVersion: kyverno.io/v1
    kind: ClusterPolicy
    metadata:
      name: enforce-storageclass-compression
      annotations:
        policies.kyverno.io/title: Enforce StorageClass Compression
        policies.kyverno.io/category: Rakuten CNS
        policies.kyverno.io/severity: medium
        policies.kyverno.io/subject: StorageClass
        policies.kyverno.io/description: >-
          This policy ensures that StorageClass objects whose name starts with
          'robin' have the compression parameter set to 'LZ4'.
    spec:
      validationFailureAction: Enforce
      background: true
      rules:
        - name: check-compression-algorithm
          match:
            any:
              - resources:
                  kinds:
                    - StorageClass
                  names:
                    - "robin*"
          validate:
            message: "StorageClass 'robin*' must have the compression parameter set to 'LZ4'."
            pattern:
              parameters:
                compression: LZ4

  • The rule matches every StorageClass whose name begins with “robin” (the wildcard, not only the class literally named “robin”) and requires parameters.compression to equal LZ4. With validationFailureAction set to Enforce, the Kyverno admission webhook rejects any create or update of a matching StorageClass that does not satisfy the pattern. Because background is true, StorageClasses that already exist when the policy is installed are also scanned and any violations are recorded in ClusterPolicyReport objects; they are reported, not modified, so pre-existing non-compliant classes still need a manual or CI-driven fix. StorageClass is a cluster-scoped resource, so no namespace qualification applies.

3. Configuration and Customization:

  • Organizations can customize policies to meet their specific security and compliance requirements.
  • Nirmata’s interface simplifies policy management and updates.

4. Continuous Monitoring and Enforcement:

  • Kyverno enforces policies at admission time, rejecting non-compliant create and update requests before they are persisted, and its background scans report existing resources that violate a policy.
  • Alerts are generated for policy violations, enabling rapid remediation.

5. Integration with Existing Workflows:

  • Policies can be applied to manifests in CI/CD pipelines before deployment, so that only compliant storage configurations reach the cluster.
  • Audit logs are generated to simplify compliance reporting.
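One way to run the sample compression policy as the pre-deployment gate described in step 5 is the Kyverno CLI’s test command, which evaluates policies against manifests offline, with no cluster involved. The following is an added example, not code from the page or from the nirmata/partner-policies repository. It assumes the sample policy above is saved as policy.yaml next to the two files below, uses constructed StorageClass manifests (the provisioner and replication values are illustrative; the policy only inspects parameters.compression), and targets the Test schema of Kyverno CLI 1.10 or later.

```yaml
# --- resources.yaml (constructed sample input for the test) ---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: robin-compliant          # matched by 'robin*', compression set: must pass
provisioner: robin               # illustrative provisioner name
parameters:
  compression: LZ4
  replication: "2"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: robin-no-compression     # matched by 'robin*', compression missing: must fail
provisioner: robin
parameters:
  replication: "2"
---
# --- kyverno-test.yaml (expected outcome for each resource) ---
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
  name: enforce-storageclass-compression
policies:
  - policy.yaml                  # the sample policy from this post, saved as a file
resources:
  - resources.yaml
results:
  - policy: enforce-storageclass-compression
    rule: check-compression-algorithm
    kind: StorageClass
    resources:
      - robin-compliant
    result: pass
  - policy: enforce-storageclass-compression
    rule: check-compression-algorithm
    kind: StorageClass
    resources:
      - robin-no-compression
    result: fail
```

Running `kyverno test .` in that directory exits non-zero if any expected result does not match, which is what makes it usable as a pipeline gate; `kyverno apply policy.yaml --resource resources.yaml` gives the same verdicts in a more readable form. Two practical notes: Kyverno pattern matching on strings is exact, so a class written with `compression: lz4` fails the rule, and a test like this only proves what the policy says about these manifests, not that the policy is installed and in Enforce mode on the target cluster, so the CI check complements the admission webhook rather than replacing it.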


Results and Strategic Value

The partnership between Nirmata and Rakuten Cloud delivers significant strategic value:

  • Enhanced Security:
    • Proactive policy enforcement minimizes the risk of storage misconfigurations and security vulnerabilities.
    • Robust security guardrails protect sensitive data and ensure compliance.
  • Improved Operational Efficiency:
    • Automated governance reduces manual effort and simplifies storage management.
    • Consistent storage configurations improve reliability and reduce downtime.
  • Simplified Compliance:
    • Automated compliance checks and audit logs streamline regulatory adherence.
    • Organizations can confidently demonstrate compliance with industry standards.
  • Accelerated Innovation:
    • By offloading the burden of storage governance, development teams can focus on innovation.
    • Faster deployment cycles and reduced risk contribute to business agility.

     

Conclusion: The Future of Secure Cloud-Native Platforms

The partnership between Nirmata and Rakuten Cloud marks an important step in advancing secure, scalable, and automated storage governance for Kubernetes. By leveraging policy-as-code, organizations can ensure that their storage infrastructure remains resilient, compliant, and optimized. This collaboration not only addresses the immediate challenges of storage management but also sets a new standard for how enterprises approach security and compliance in the cloud-native era.

     

Ready to experience the power of policy-driven storage governance?

  • Start your free trial today: Sign up for a free trial/demo of Nirmata Control Hub and Rakuten Cloud-Native Platform to see how you can secure and optimize your Kubernetes storage.
  • Reach out to our experts: Have specific questions or need assistance with your Kubernetes storage strategy? Contact our team for a personalized consultation.

By continuing to innovate and collaborate, Nirmata and Rakuten Cloud are empowering organizations to build and manage secure, scalable, and compliant cloud-native applications. To learn more about the partnership, please visit the latest press release.
