How to Maintain Compliance — At the Speed of Kubernetes

Container orchestration for the highly-regulated enterprise


Containers are foundational to a modern computing infrastructure, but they are also difficult to scale without a management platform such as Kubernetes to bring together the teams from engineering and operations. But here’s the thing: Out-of-the-box Kubernetes isn’t always an easy solution for complex enterprise environments. 

While Kubernetes comes with some base opinions and configurations baked in, it’s a highly configurable and complex solution. This complexity makes it particularly arduous to integrate into an enterprise environment. The number of manual configurations and sheer level of effort necessary to set Kubernetes up correctly at scale can be a barrier to adoption. 

Further complicating matters, these large and complex operations may move applications across different cloud platforms and dependencies. They must also carry overall networking, security, and compliance policies and settings across application execution environments. 

At Capital One, we’re familiar with the nuances of Kubernetes. Added to that, we operate in a tightly regulated environment. As a leader in the financial services sector, our world is very focused on compliance and governance.

In short: If Capital One can make containerization work, then any other enterprise that feels driven to use Kubernetes should be able to do so as well.

That’s why Capital One acquired Critical Stack in 2016 — we wanted to find a container orchestration solution that implements Kubernetes with compliance in mind. Businesses that operate in strict environments can use Critical Stack to scale and manage containerized applications. Operations that are new to containers, whether they are trying to solve resource gaps or require speed and automatic scaling, may also find Critical Stack to be the right solution for them.

Portions of Critical Stack have been available to the open source community for a while now, albeit in an abbreviated form. And here’s the news: All elements of the platform are now available to the open source community.

Why Critical Stack is open source

First: Why is Capital One even developing open-source software? Yes, Capital One is a bank — but foremost, we’re a technology company focused on the financial sector. Capital One is also a tech leader: We employ about 11,000 technologists, with about 85% of them working as in-house engineers. Notably, Capital One is the first bank to report its exit from data centers and go all-in on the public cloud. If you look at the Fortune 150, the only other company that has made a similar move is Netflix.

Second: Why is Capital One using open-source tech in its software? We think open source brings ingenuity to our operations. In our tech transformation efforts, we have found open source tech to have the highest quality because it’s been tested and improved by a wide variety of developers in numerous operational areas.

Additionally, the broad-based open source community does what no single company ever could: It tests and gives feedback through countless different executions, at scale. This ultimately lowers costs for everyone.

In turn, Capital One contributes to the open source community because it helps not only others — but also our business. We contribute the software we want to see in the world and then get feedback and ideas for improvements.

Delivering an excellent developer experience

For organizations that have a need to run Kubernetes, Critical Stack may be the fix they need. The Critical Stack platform is a secure container platform based on Kubernetes. Benefits include more straightforward orchestration, smooth scaling, intelligent distribution, improved governance, accelerated development and verified configuration. 

Users of Critical Stack don’t have to be in the financial industry — just as Kubernetes can be used across industries, so can Critical Stack. Other Capital One projects such as Hygieia and Cloud Custodian started as internal technologies but were able to solve problems in different industries.

You can think of Critical Stack as a platform that sits on top of Kubernetes — perhaps you could even say it envelops it. In any case, Critical Stack provides tools, out of the box, that would take a great deal of effort to replicate. But to be clear: Critical Stack isn’t a grouping of shortcuts and macros, nor is it an antiquated GUI shell out of the Windows 95 era. Instead, it’s a sophisticated platform with features unavailable anywhere else.

Critical Stack offers a vastly improved developer experience that removes many of the manual tasks that come with out-of-the-box Kubernetes. The interface allows developers to focus on their work — not fighting with Kubernetes. Alone, this benefit could make Critical Stack something to consider for your use case.

Historically, enterprises haven’t given enough thought to the developer experience — but today, if you don’t offer an excellent developer experience, you’re probably not going to attract or retain the tech talent you need. Critical Stack frees developers from monotonous tasks and allows them to spend their time where their talents and passions lie: building software that solves problems.

You want to deliver an excellent user experience because you want your team to be invested in what they’re doing. With that investment, there is hope for retention — and a resulting critical mass of developers who can maintain continuity of knowledge and expertise around your domains. You build a lasting culture the company can leverage as it moves toward accomplishing future tasks.

This is evidence of what Critical Stack is all about: Taking care of the monotonous tasks so developers can focus on their work. And that may be the ultimate value of Critical Stack: Set the developer free from the mundane while also staying within the guidelines set by the business.


Darien Ford, Senior Director of Software Engineering

Darien Ford is Senior Director of Software Engineering at Capital One who has supported enterprise Kubernetes initiatives. As accountable executive for container orchestration, he drove the adoption of a company-wide managed container platform. Darien now leads the product and go-to-market teams for an open source and commercial software innovation group. He has worked as an engineering leader across multiple industries, including live video streaming, ad technology, and cell phone gaming.


DISCLOSURE STATEMENT: © 2020 Capital One. Opinions are those of the individual author. Unless noted otherwise in this post, Capital One is not affiliated with, nor endorsed by, any of the companies mentioned. All trademarks and other intellectual property used or displayed are property of their respective owners.
