Kubernetes Cluster & Application Security
Secure Operations for Kubernetes Clusters and Applications
Mission-critical clusters and applications running in production require the highest level of security and control. Rafay delivers this out of the box across both Kubernetes clusters and the applications running on top of them.


Add Enterprise-Grade Operational Security for Kubernetes Clusters & Modern Applications
As the number of Kubernetes clusters & containerized applications grows, your enterprise is increasingly exposed to security risk that is not evident when operating 1 or 2 clusters. Rafay delivers a central, enterprise-grade level of security and control -- for both clusters and applications -- across your entire infrastructure.
Features for Kubernetes Infrastructure
RBAC & SSO
Fine-grained permissions with a hierarchy of users to establish separation of duties. Seamless single sign-on experience for users, leveraging corporate directories such as Okta, AzureAD, etc. MFA is also supported.
Zero-Trust Kubectl Access
Enable users to securely access clusters behind firewalls without requiring jump hosts or VPNs. On-demand, ephemeral k8s service accounts. Per-user and per-cluster fine-grained access controls.
Enterprise-level Multi-Tenancy
Group multiple clusters into a logical domain using projects, geography, labels, etc. to create isolated operating environments for teams and business units
Centralized Policy Mgmt
Centrally configure OPA policies and enforce company-wide compliance. Automatically detect and report policy violations.
End-to-End Audit Trail
Centralized and immutable audit logs of all user activity across the fleet of clusters, including zero-trust kubectl access. Intuitive reverse chronological view of audit logs for analytics. Stream audit logs to corporate SIEM platforms such as Splunk for long-term log retention and forensics.
Features for Modern Applications
Zero-Trust Application Deployments
Deploy applications to remote clusters without requiring inbound network access to the cluster
Secrets Management Integration
Seamless integration with secrets management platforms such as HashiCorp Vault requiring zero application developer burden
Centralized Policy Mgmt
Enforce application compliance with centrally specified OPA policies. Automatically detect violations and drive remediation
Drift Detection and Blocking
Detect, get notified of, and/or block out-of-band changes to the application on clusters.
Private Manifest Repos
Ability to retrieve workload manifests from Git and Helm repos behind corporate firewalls and deploy to remote clusters
Separation of Duties
Many teams are involved in the DevOps workflow across development, QA and production environments. Rafay easily ensures that developer, QA, DevOps, and Ops/SRE teams have the right access for their roles and responsibilities.
Benefits of Rafay’s Kubernetes Cluster and Kubernetes Application Lifecycle Security
Reduce Risk of Breaches
With Rafay’s built-in Zero-Trust Architecture, Kubernetes endpoints are cloaked and inaccessible from the outside, significantly reducing the risk of attack and breaches
Reduce Risk of Downtime
More secure infrastructure and operations practices reduce the risk of downtime that can impede your business and frustrate customers.
Centrally Control Access
Integrate Kubernetes cluster and application lifecycle management operations with existing security practices and centralized systems
Comply with Policies & Regulations
Comply with internal security policies and industry regulations such as PCI and HIPAA with control, visibility, and full auditing of all actions across clusters and applications

