You know that feeling when access control starts to feel like a Rube Goldberg machine? Every login, role, and approval tied together with string and duct tape. Compass Kubler exists to end that chaos. It lines up infrastructure access behind one consistent identity layer so you can stop babysitting credentials and start shipping.
Compass Kubler combines two ideas: Compass, the modern infrastructure directory from Atlassian, and Kubler, a distribution and lifecycle manager for Kubernetes clusters. Compass tracks services, owners, and dependencies. Kubler builds and ships cluster images securely. Together, they form an operational map and a runtime factory. That pairing means developers can see who owns what and where it runs without wading through a jungle of YAML.
Here is the core workflow. Compass becomes the registry of truth about each service. Kubler uses that metadata to orchestrate clusters that match the team and environment. When a new service is registered, Kubler reads its config directly from Compass, builds a compliant image, and deploys it under known access rules. Instead of guessing who should own root access, you already have a stored relationship between people, services, and environments.
Link Compass and Kubler through your existing identity provider, such as Okta or Google Workspace, using OIDC. Map your existing directory groups to Kubernetes RBAC roles through Kubler’s policies. When someone leaves a team, their access disappears automatically across all clusters. No one has to chase stale kubeconfig files again.
Best practices for Compass Kubler integration
- Keep Compass ownership metadata clean. The better your service records, the more accurate your deployment automation.
- Mirror group names between Compass and your identity directory for frictionless role binding.
- Rotate cluster credentials every deployment cycle and store secrets in a managed vault.
- Use Kubler audit logs to trace any divergence between declared and running states.
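Group-driven offboarding and mirrored group names only hold if every binding in the cluster points at a directory group, so it is worth auditing for the ones that do not. The script below is an added example, not Compass or Kubler code: it assumes OIDC identities carry an `oidc:` prefix (the kube-apiserver `--oidc-groups-prefix` setting) and runs over constructed sample data shaped like `kubectl get rolebindings,clusterrolebindings -A -o json`.

```python
import json

OIDC_PREFIX = "oidc:"  # assumption: the value passed to kube-apiserver --oidc-groups-prefix
DIRECTORY_GROUPS = {"payments-team", "platform-ops"}  # constructed identity-provider groups

# Constructed sample, shaped like `kubectl get rolebindings,clusterrolebindings -A -o json`.
BINDINGS_JSON = """
{"items": [
 {"kind": "RoleBinding", "metadata": {"name": "payments-dev", "namespace": "payments"},
  "roleRef": {"kind": "ClusterRole", "name": "edit"},
  "subjects": [{"kind": "Group", "name": "oidc:payments-team"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "legacy-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "oidc:alice@example.com"}]},
 {"kind": "RoleBinding", "metadata": {"name": "billing-view", "namespace": "billing"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "Group", "name": "oidc:Payments-Team"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "discovery"},
  "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "empty"},
  "roleRef": {"kind": "ClusterRole", "name": "view"}, "subjects": null}
]}
"""

def audit_bindings(doc, directory_groups, prefix=OIDC_PREFIX):
    """Return (binding, role, finding, subject) for subjects that bypass group-driven access."""
    findings = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        where = f'{item["kind"]}/{meta.get("namespace", "*")}/{meta["name"]}'
        role = item["roleRef"]["name"]
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            kind, name = subj["kind"], subj["name"]
            if name.startswith("system:") or kind == "ServiceAccount":
                continue  # built-in identities and workloads are out of scope here
            if kind == "User":
                # Bound to a person: survives any change in team membership.
                findings.append((where, role, "direct-user", name))
            elif not name.startswith(prefix):
                findings.append((where, role, "unprefixed-group", name))
            elif name[len(prefix):] not in directory_groups:
                # Case or spelling drift: the binding matches no directory group.
                findings.append((where, role, "unknown-group", name))
    return findings

if __name__ == "__main__":
    for finding in audit_bindings(json.loads(BINDINGS_JSON), DIRECTORY_GROUPS):
        print(*finding, sep="\t")
```

RBAC subject names are matched as exact, case-sensitive strings, which is why `oidc:Payments-Team` is reported even though `payments-team` exists in the directory.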
The benefits stack up fast
- Centralized visibility for every running service and its owners.
- Auto-provisioned environments that follow the same compliance baseline.
- No manual ticketing for cluster access.
- Faster onboarding because roles determine runtime access automatically.
- Auditable trails that make SOC 2 or ISO 27001 checks less painful.
Once your pipeline runs through Compass Kubler, developers spend less time waiting for infra approvals. They can spin up test clusters, debug issues, or roll back safely, all without pinging ops in Slack. Developer velocity goes up, and burnout goes down. Platforms like hoop.dev take this model further, turning those access rules into identity-aware guardrails that enforce policy across each deployment automatically.
How do I connect Compass Kubler to my CI/CD pipeline?
Configure your pipeline to trigger Kubler builds using Compass service data as parameters. Each pipeline run reads ownership and environment config from Compass, ensuring builds inherit the right access and secrets without hardcoding credentials.
Does Compass Kubler improve security?
Yes. It removes static credentials and flaky manual controls. Everything flows through your identity provider, so permissions live with people, not files.
Compass Kubler brings order to infrastructure anarchy. It links ownership, environment, and runtime into one dependable feedback loop.