Aporeto and Kubernetes

By: Amir Sharif 02.11.2019
Aporeto and Kubernetes

Aporeto: An Overview

Aporeto is a workload identity provider, enabling, a Zero Trust Security posture for any cloud workload. The Aporeto solution decouples security from the underlying network infrastructure. All requests, at the network or API layer, made between application components or between a user and application are first authenticated and then authorized following the Zero Trust methodology.  

Identity is central to authentication and authorization. Aporeto assigns every application component a unique service identity that provides context on the following:

  • Where is this application running: Public or Private cloud specific information. Example cloud name, cloud region.
  • What is this application running: Container image running.
  • Who started this application: Kubernetes service account or user that launched an application.
  • What is the reputation of this application: Vulnerabilities (CVEs) associated to a container.
  • Any assigned metadata from any 3rd party system: User assigned metadata through Kubernetes.


When an application is launched in a Kubernetes environment, Aporeto introspects the Kubernetes APIs and extracts this identity information. Aporeto also combines this application identity from Kubernetes with metadata from the cloud provider, host, and any 3rd party system (e.g. container image vulnerability scanners) for a comprehensive multi-attribute identity.

The multi-attribute service identity assigned to applications allows the creation of dynamic declarative policies tied to an application instance. This new paradigm of dynamic policies allows operations and security teams to achieve continuous deployment of applications with security compliance.

Aporeto and Kubernetes

Since Aporeto policies operate independently of the underlying infrastructure security policies can be enforced across Kubernetes cluster or across hybrid environments that include Kubernetes and non-Kubernetes deployments.

Aporeto supports all formats of Kubernetes, including managed offerings such as Google GKE, AWS EKS, Microsoft Azure AKS, IBM Cloud Kubernetes, and well as private installations such as OpenShift, kubeadm and Heptio.

For more information on Kubernetes, click here to view our Kubernetes Integration Guide.

Recent Posts Aporeto Launches New Identity Federation Capabilities for Kubernetes Pods & Istio Service Mesh, Delivering Security as Code to Accelerate DevSecOps Easy Application Network Encryption and Access Control Without Re-coding Your Application Aporeto Named to 2019 CNBC Upstart 100 List of Most Promising Start-Ups