Kubernetes Cluster & Application Security

Secure Operations for Kubernetes Clusters and Applications

Mission-critical clusters and applications running in production require the highest-level of security and control. Rafay delivers this out of the box across both Kubernetes clusters and the applications running on top of them

Start Now

Add Enterprise-Grade Operational Security for Kubernetes Clusters & Modern Applications

As the number of Kubernetes clusters & containerized applications grows, your enterprise is increasingly exposed to security risk that is not evident when operating 1 or 2 clusters. Rafay delivers a central, enterprise-grade level of security and control -- for both clusters and applications -- across your entire infrastructure.

Features for Kubernetes Infrastructure

RBAC & SSO

Fine grained permissions with hierarchy of users to establish separation of duties. Seamless single sign on experience for users leverage corporate directories such as Okta, AzureAD etc. MFA also supported

Zero-Trust Kubectl Access

Enable users to securely access clusters behind firewalls without requiring jump hosts or VPNs. On-demand, ephemeral k8s service accounts. Per user and per cluster fine grained access controls.

Enterprise-level Multi-Tenancy

Group multiple clusters into a logical domain using projects, geography, labels, etc. to create isolated operating environments for teams and business units

Centralized Policy Mgmt

Centrally configure OPA policies and enforce company wide compliance. Automatically detect and report policy violations.

End-to-End Audit Trail

Centralized and immutable audit logs of all user activity on fleet of clusters including zero trust kubectl access. Intuitive reverse chronological view of audit logs for analytics. Stream audit logs to corporate SIEM platforms such as Splunk for long term log retention and forensics

Features for Modern Applications

Zero-Trust Application Deployments

Deploy applications to remote clusters without requiring inbound network access to the cluster

Secrets Management Integration

Seamless integration with secrets management platforms such as HashiCorp Vault requiring zero application developer burden

Centralized Policy Mgmt

Enforce application compliance with centrally specified OPA policies. Automatically detect violations and drive remediation

Drift Detection and Blocking

Detect, get notified, and/or block out of band changes to the application on clusters

Private Manifest Repos

Ability to retrieve workload manifests from Git and Helm repos behind corporate firewalls and deploy to remote clusters

Separation of Duties

Many teams are involved in the DevOps workflow across development, QA and production environments. Rafay easily ensures that developers, QA, DevOps, and Ops/SREs teams have the right access for their roles and responsibilities

Benefits of Rafay’s Kubernetes Cluster and Kubernetes Application Lifecycle Security

Reduce Risk of Breaches

With Rafay’s built-in Zero-Trust Architecture, Kubernetes endpoints are cloaked and inaccessible from the outside, significantly reducing the risk of attack and breaches

Reduce Risk of Downtime

A more secure infrastructure and operations practices reduces the risk of downtime that can impede your business and frustrate customers

Centrally Control Access

Integrate Kubernetes cluster and application lifecycle management operations with existing security practices and centralized systems

Comply with Policies & Regulations

Comply with internal security policies and industry regulations such as PCI and HIPAA with control, visibility, and full auditing of all actions across clusters and applications