Trireme: Open Source Application Segmentation for Kubernetes

By: Amir Sharif 11.01.2016
Trireme: Open Source Application Segmentation for Kubernetes

Today, Aporeto is releasing Trireme, an open source application project for segmenting cloud-native applications orchestrated by Kubernetes.  We built Trireme to be simple, scalable, and secure, and to point the way to how cloud-native applications ought to be made secure by default.

Trireme’s simple and robust approach to production-scale security makes it ideal for Kubernetes deployed, cloud-native applications. We’re pleased that Trireme chose to implement their solution on Kubernetes using the network policy API, and we look forward to seeing how the community uses it.

Aparna Sinha, Senior Product Manager, Kubernetes, Google


The Aporeto team has been around for the lesser part of a year. During that time, we have provided multiple hints in our blogs about the problems that we are solving. To put it briefly, we see accelerating trends towards using the cloud as infrastructure, developing microservices as core software building blocks, and employing DevOps practices to speed up the software release process.  

Multiple accelerants are driving these trends, chief among them being the need for higher business agility and the desire for lower operational costs. Application security, however, is at best an afterthought, ultimately putting the companies that develop software and their consumers at risk.

Clearly, InfoSec teams are not idle. In fact, they are busier than ever because they are applying old security tools and methods to new software development practices. Development teams have shifted into a higher gear with feature delivery because of the cloud, microservices, and DevOps, but InfoSec teams are stuck in the first gear. In the software development world, we are running faster, but we are not running safer. 

The Benefits of Trireme

At Aporeto, we are solving these problems, and this is why we released Trireme today. Trireme makes it possible to set up security policies at scale and segment applications by enforcing end-to-end authentication and authorization. There is no need for complex control planes or IP/port-centric ACLs and east-west firewalls. This simple, scalable, and secure approach makes it possible to segment cloud-native applications effortlessly, efficiently, and effectively. 

 Although Trireme is extensible and can work with any application orchestration framework, we have opted to work with Kubernetes from the get-go for several reasons. First, Kubernetes’s design is a thing of wonder. The system is architected carefully and thoughtfully for distributed, cloud-native applications and simplifies operations at scale. Second, the world seems to have caught up with this fact and, as measured by the growing community around the project, is quickly adopting the project as the de facto orchestration layer for cloud-native applications. Third, Kubernetes is the only orchestration system that has launched an extensive and flexible network policy framework that enables the secure deployment of applications. 

Visit to get access to Trireme and its documentation and to start securing your distributed application.  We would love to get your feedback.  The project’s Twitter handle is @aporeto_trireme.


Be well,

The Aporeto Team

Recent Posts Palo Alto Networks Acquires Aporeto Palo Alto Networks Announces Intent to Acquire Aporeto Aporeto – Flexible and Secure by Default