Strengthen Security while Reducing Complexity
Trireme improves security and reduces complexity for Kubernetes workloads, containers, and processes. In Kubernetes environments, it is implemented as a network plugin that supports NetworkPolicy resources, controlling ingress and egress traffic to secure pods based on their CIDR and port. It also goes much further, advancing the state of the art in automated cloud-native security for DevSecOps.
Distributed Control with Centralized Management
The Trireme Enforcer is a userland process, container, or K8s DaemonSet that is easily deployed onto each host to stand in front of the TCP/IP stack. With no shared state or locks required, scalability and administration are elegant. Enforcers are registered with the centralized Controller, which issues them their trusted identity via X.509 certificates, pushes out the security policies, and collects monitoring data for real-time and historical analysis, alerting and display.
Trireme's simple and robust approach to production-scale security makes it ideal for Kubernetes-deployed, cloud-native applications. We’re pleased that Trireme chose to implement their solution on Kubernetes using the network policy API, and we look forward to seeing how the community uses it.
Aparna Sinha, Senior Product Manager, Kubernetes, Google