Comparison between Hoop and Rancher—a tool designed to manage Kubernetes access

Similarities exist between them, yet important differences also abound. As a starting point, it is worth noting that all functionalities provided by Rancher are also available in Hoop. However, the scope of features offered by Hoop far outpaces that of Rancher; in essence, Rancher offers only a subset of the features found in Hoop.

One major difference stands out: Rancher provisions a unique user for each internal user. This approach significantly increases the overhead on backend Kubernetes clusters by spreading identities across multiple systems. Instead, a more efficient solution would be to establish a single generic user and manage all auditing and permissions in the external system. This method alleviates unnecessary complexity and overhead on Kubernetes. It is also a more secure mechanism, because it exposes less of your Kubernetes infrastructure to internal users.

Rather than only managing authentication and automating identity provisioning, Hoop is a layer 7 proxy. Hoop will interact with clusters when users are given Kubernetes access, and the actual client to the Kubernetes cluster remains under your control.

We prioritize seamless integration to ensure users do not realize they are not using their local kubectl, but instead, a remotely sandboxed CLI. Our solution offers an improved user experience as it abstracts away the need to install a kubeconfig file, kubectl, and plugins, or to switch clusters. All you need is the Hoop CLI and an authentication provider, enabling access to all your clusters. Discovery is also a key component.

Again, we offer normal access, akin to standard Kubernetes access. This aspect, however, only addresses the user experience side. From an administration perspective, Hoop enables the setup of highly advanced policies due to our integrations with the layer 7 protocols. These policies can be adjusted or mutated, and your policies can even mutate packet contents in real time.

The range of policies you can write is virtually unlimited, thanks to a straightforward API for policy creation. A few examples of policies included in our product allow real-time PII identification and redaction. Furthermore, we offer comprehensive auditing capabilities, with automatic generation, storage, and indexing of every user action. All this can be accessed directly from our dashboard, eliminating the need for separate audit tools and reducing overhead on your system.
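The pattern described above (one generic cluster identity, with permissions, auditing and PII redaction handled in the proxy) can be sketched as follows. This is an added illustration, not Hoop's code or API; every name, the policy table, the PII patterns and the sample response are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

# Hypothetical names throughout; this is not Hoop's API.
GENERIC_IDENTITY = "proxy-generic-user"  # the only identity the cluster sees

# Constructed per-user policy, held in the external system, not in cluster RBAC.
POLICY = {
    "alice": {("get", "pods"), ("get", "secrets")},
    "bob": {("get", "pods")},
}

# Simple PII patterns for the illustration: e-mail addresses and US SSNs.
PII = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[REDACTED_EMAIL]"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED_SSN]"),
]

def redact(text: str) -> str:
    """Replace every PII match in a response before it reaches the user."""
    for pattern, label in PII:
        text = pattern.sub(label, text)
    return text

@dataclass
class Proxy:
    backend: Callable[[str, str, str], str]  # stands in for the cluster client
    audit: list = field(default_factory=list)

    def handle(self, user: str, verb: str, resource: str) -> Optional[str]:
        allowed = (verb, resource) in POLICY.get(user, set())
        # The audit record carries the real user. The cluster only ever sees
        # GENERIC_IDENTITY, so attribution exists nowhere else.
        self.audit.append({"user": user, "verb": verb,
                           "resource": resource, "allowed": allowed})
        if not allowed:
            return None  # denied requests never reach the cluster
        return redact(self.backend(GENERIC_IDENTITY, verb, resource))

def fake_cluster(identity: str, verb: str, resource: str) -> str:
    # Constructed response containing sample PII.
    assert identity == GENERIC_IDENTITY
    return f"{resource}: owner=jane.doe@example.com ssn=123-45-6789"
```

With a shared identity, the cluster's own audit log can no longer attribute actions to people, so the proxy's audit record is the only attribution trail and the generic credential must be reachable only through the proxy.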

Break free from the complexities and limitations of RBAC. Avoid the management and performance overhead of Kubernetes audit logs. Simplify the user experience with one unified developer platform that engineers can use to interact in a range of ways with the cluster they can access.