Continuous Compliance

There are some tools which enforce a compliant set up in Kubernetes. They trigger a deployment when a Git event happens, which deploys to the cluster based on the file that triggered the deployment, and then it will monitor the state of the workload in Kubernetes and enforces that desired state until the Git repo is changed again. If someone or something was to get into the cluster and make a change directly in the cluster, the enforcement tool would see the difference and trigger a new deployment to force a realignment with what is in Git.

Other tools, like Terraform, use a state file that records the specific outcome of a successful execution. If a change is made in the infrastructure outside of Terraform, and that change is not reflected in the state file, then the next time Terraform runs, it will correct the issue.

It would be great to have a Continuous Compliance module that takes both of these concepts together. Whenever a change or deployment is executed via Harness, there is a state file that is created and maintained. Then, Harness would hook into an event stream, like a pub/sub, that would check the compliance state of the underlying platform or architecture and then realign that with the compliance requirement.

1 Like