Product & Solution Briefs

Kubernetes Network Security

Achieving higher deployment velocity is one of the major benefits of microservices architectures and automation. Applications deployed in a cloud-managed Kubernetes cluster often depend on a legacy application deployed on-premises behind a North-South firewall. The only way to implement policies in such scenarios is to expose the originating service IP address in the North-South firewall and to define ingress/egress rules in the Kubernetes cluster that accept any traffic from the on-premises data center. These coarse-grained rules result in an unnecessarily large attack surface. Kubernetes network policies boil down to IP-based ingress and egress rules for access control outside the cluster, and IP-based rules do not work well with dynamic microservices. An IP-based policy model requires constant recomputation every time a workload policy changes; with increased activity this can create convergence issues and problems with scaling and security, as well as unpredictable application behavior.
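As an added illustration (not part of this brief, and not any vendor's product configuration), the coarse IP-based rule described above is shown beside a narrower replacement; the namespace, labels, CIDRs and ports are assumed placeholders:

```yaml
# Coarse-grained policy of the kind the brief describes: every pod in the
# namespace accepts any traffic from the whole on-premises range.
# (All names, CIDRs and ports are assumed placeholders.)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-from-onprem
  namespace: orders
spec:
  podSelector: {}          # every pod in the namespace
  policyTypes: [Ingress]
  ingress:
  - from:
    - ipBlock:
        cidr: 10.0.0.0/8   # entire on-prem data center, any port
---
# Narrower replacement: only the pods that actually call the legacy host
# may reach it, and only on its service port. Replies to those pod-initiated
# connections need no ingress rule with connection-tracking CNIs, so the
# blanket ingress policy above is dropped. The rule is still pinned to an
# IP address, which is the limitation the brief points out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: legacy-erp-client
  namespace: orders
spec:
  podSelector:
    matchLabels:
      app: order-service
  policyTypes: [Egress]
  egress:
  - to:
    - ipBlock:
        cidr: 10.20.30.40/32   # the single legacy host
    ports:
    - protocol: TCP
      port: 8443
  - to:                        # keep cluster DNS reachable for these pods
    - namespaceSelector: {}
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
```

Even the narrower form has to be edited whenever the legacy host's address or the calling workload changes, which is the recomputation problem the brief raises.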