What's your take on Zero Trust for Kubernetes?

This page summarizes the projects mentioned and recommended in the original post on /r/kubernetes

  • intents-operator

    Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.

  • I'm very passionate about this as I think cybersecurity and ops people lean too far into control -- controlling people, that is, not just programs, and they end up shooting themselves in the foot. Instead, I think you should make it easy for devs in your team to create the right access controls, and that this is the only way to achieve zero trust. Zero-trust inherently relies on all access being intentional and authorized, so if other engineers don't declare which access their code needs, it's impossible to achieve. There's an open source Kubernetes operator that aims to get this concept right with network policies and Kafka ACLs - make it easy for one person to declare which access is intentional and start rolling out zero trust using network policies, and have the access control policy live alongside the client code. Check it out at https://github.com/otterize/intents-operator. Full disclosure - I'm one of the contributors, so I'm a bit biased ;) I'm there on the Slack, so feel free to hit me up (Ori).

  • ziti

    The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

  • It is broad, particularly with the different pillars of ZT and that ideally it would operate outside of K8S too. Curious question, with your focus on making it easy for devs, what are your thoughts on open source solutions such as OpenZiti (https://openziti.github.io/), which allows developers to embed zero trust networking principles directly into their app via an SDK and private overlay network? This would be done together with engineering operations to implement policies and controls. With this in place, we get a very mature level of ZTNA, including a software-defined perimeter to close all inbound ports. Disclaimer, I work on the project.

  • constellation

    Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

  • Constellation does this as well btw: https://github.com/edgelesssys/constellation Disclaimer, I work on the project.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
