- intents-operator: Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
- ziti: The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
- constellation: Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
I'm very passionate about this as I think cybersecurity and ops people lean too far into control -- controlling people, that is, not just programs, and they end up shooting themselves in the foot. Instead, I think you should make it easy for devs in your team to create the right access controls, and that this is the only way to achieve zero trust. Zero-trust inherently relies on all access being intentional and authorized, so if other engineers don't declare which access their code needs, it's impossible to achieve. There's an open source Kubernetes operator that aims to get this concept right with network policies and Kafka ACLs - make it easy for one person to declare which access is intentional and start rolling out zero trust using network policies, and have the access control policy live alongside the client code. Check it out at https://github.com/otterize/intents-operator. Full disclosure - I'm one of the contributors, so I'm a bit biased ;) I'm there on the Slack, so feel free to hit me up (Ori).
It is broad, particularly with the different pillars of ZT and that ideally it would operate outside of K8S too. Curious question, with your focus on making it easy for devs, what are your thoughts on open source solutions such as OpenZiti (https://openziti.github.io/), which allows developers to embed zero trust networking principles directly into their app via an SDK and private overlay network? This would be done together with engineering operations to implement policies and controls. With this in place, we get a very mature level of ZTNA, including a software-defined perimeter to close all inbound ports. Disclaimer, I work on the project.
Constellation does this as well btw: https://github.com/edgelesssys/constellation Disclaimer, I work on the project.