Aporeto and Kubernetes

By: Amir Sharif 02.11.2019
Aporeto: An Overview

Aporeto is a workload identity provider that enables a Zero Trust security posture for any cloud workload. The Aporeto solution decouples security from the underlying network infrastructure. Every request, at the network or API layer, made between application components or between a user and an application is first authenticated and then authorized, following the Zero Trust methodology.

Identity is central to authentication and authorization. Aporeto assigns every application component a unique service identity that provides context on the following:

When an application is launched in a Kubernetes environment, Aporeto introspects the Kubernetes APIs and extracts this identity information. Aporeto also combines this application identity from Kubernetes with metadata from the cloud provider, the host, and any third-party systems (e.g. container image vulnerability scanners) to form a comprehensive multi-attribute identity.

Because the service identity is multi-attribute, policies can be written declaratively in terms of those attributes and tied to an application instance rather than to a network address. This paradigm of dynamic policies allows operations and security teams to deploy applications continuously while remaining in security compliance.
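The following is an added illustration of the identity model described above; it is not Aporeto's code, and the tag syntax, policy schema, pod objects, scanner verdicts and cloud metadata are all constructed for the demo. It builds a multi-attribute identity from Kubernetes pod metadata plus external sources, then authorizes a flow by matching both endpoints' identities against a declarative, default-deny policy that never mentions an IP address.

```python
"""Illustrative model of identity-based authorization for Kubernetes workloads.

Added example for this page, not Aporeto's code: the tag syntax, the policy
schema and every sample object below are assumptions made for the demo.
"""

# Constructed sample: two Pod objects as the Kubernetes API would return them
# (trimmed to the fields the identity builder reads).
POD_FRONTEND = {
    "metadata": {"namespace": "shop", "name": "frontend-7d9f",
                 "labels": {"app": "frontend", "tier": "web"}},
    "spec": {"serviceAccountName": "frontend-sa",
             "containers": [{"image": "registry.example.com/shop/frontend:1.4.2"}]},
}
POD_PAYMENTS = {
    "metadata": {"namespace": "shop", "name": "payments-5c1a",
                 "labels": {"app": "payments", "tier": "backend"}},
    "spec": {"serviceAccountName": "payments-sa",
             "containers": [{"image": "registry.example.com/shop/payments:2.0.0"}]},
}

# Constructed sample: verdicts from a third-party image scanner, keyed by image.
SCAN_RESULTS = {
    "registry.example.com/shop/frontend:1.4.2": "clean",
    "registry.example.com/shop/payments:2.0.0": "clean",
    "registry.example.com/shop/frontend:1.3.0": "critical",
}

# Constructed sample: metadata the cloud provider exposes for the host.
CLOUD_META = {"provider": "gcp", "region": "us-central1"}


def identity_from_pod(pod, cloud_meta=CLOUD_META, scan_results=SCAN_RESULTS):
    """Build a multi-attribute identity as a frozenset of 'key=value' tags.

    Kubernetes attributes (namespace, service account, labels, image) are
    combined with cloud metadata and scanner verdicts. No IP address is part
    of the identity, so policy never depends on the network layout.
    """
    meta = pod["metadata"]
    tags = {"k8s:namespace=" + meta["namespace"],
            "k8s:serviceaccount=" + pod["spec"]["serviceAccountName"]}
    for key, value in meta.get("labels", {}).items():
        tags.add("k8s:label:%s=%s" % (key, value))
    for container in pod["spec"]["containers"]:
        image = container["image"]
        tags.add("image=" + image)
        # An unscanned image gets an explicit 'unknown' verdict so a policy
        # that requires 'clean' fails closed instead of silently passing.
        tags.add("scan:status=" + scan_results.get(image, "unknown"))
    for key, value in cloud_meta.items():
        tags.add("cloud:%s=%s" % (key, value))
    return frozenset(tags)


def selector_matches(identity, selector):
    """selector is a list of clauses (OR); each clause is a list of tags (AND).
    A tag prefixed with '!' must be absent from the identity."""
    for clause in selector:
        if all((tag[1:] not in identity) if tag.startswith("!") else (tag in identity)
               for tag in clause):
            return True
    return False


# Constructed sample policy: frontend may call payments on 8443, but only
# while its image scan is clean. Nothing here refers to IPs, subnets or nodes.
POLICIES = [
    {"name": "frontend-to-payments",
     "subject": [["k8s:label:app=frontend", "k8s:namespace=shop", "scan:status=clean"]],
     "object": [["k8s:label:app=payments", "k8s:namespace=shop"]],
     "ports": [8443]},
]


def authorize(src_identity, dst_identity, port, policies=POLICIES):
    """Default deny: return the name of the first policy permitting the flow,
    or None. Both identities are assumed to be authenticated already; this
    step is authorization only."""
    for policy in policies:
        if (port in policy["ports"]
                and selector_matches(src_identity, policy["subject"])
                and selector_matches(dst_identity, policy["object"])):
            return policy["name"]
    return None


def demo():
    frontend = identity_from_pod(POD_FRONTEND)
    payments = identity_from_pod(POD_PAYMENTS)
    results = {
        "frontend->payments:8443": authorize(frontend, payments, 8443),
        "payments->frontend:8443": authorize(payments, frontend, 8443),
        "frontend->payments:80": authorize(frontend, payments, 80),
    }
    # Same pod spec rolled back to an image the scanner flagged: the identity
    # changes, so the unchanged declarative policy now denies the flow.
    old_spec = dict(POD_FRONTEND["spec"],
                    containers=[{"image": "registry.example.com/shop/frontend:1.3.0"}])
    old_frontend = identity_from_pod(dict(POD_FRONTEND, spec=old_spec))
    results["old-frontend->payments:8443"] = authorize(old_frontend, payments, 8443)
    return results


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print("%-32s %s" % (flow, verdict or "DENY"))
```

The point of the rollback case at the end is that the policy text never changes: because the scanner verdict is an attribute of the identity, redeploying a vulnerable image changes what the workload *is*, and the existing rule stops matching it.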

Aporeto and Kubernetes

Since Aporeto policies operate independently of the underlying infrastructure, security policies can be enforced across Kubernetes clusters or across hybrid environments that include both Kubernetes and non-Kubernetes deployments.

Aporeto supports all Kubernetes distributions, including managed offerings such as Google GKE, AWS EKS, Microsoft Azure AKS and IBM Cloud Kubernetes, as well as private installations such as OpenShift, kubeadm and Heptio.

For more information on Kubernetes, click here to view our Kubernetes Integration Guide.
