By default, namespaces in K8s clusters are not automatically isolated. This means that resources (e.g. pod) in a namespace have unbound access to resources (e.g. pods, workloads) in other namespaces. It is critical to create isolation boundaries between different users and tenants to avoid noisy neighbor issues and reduce the lateral attack surface. Learn how Rafay can enable platform teams to implement proper governance controls, automation, RBAC, and help achieve one of the key tenets (Network separation & hardening) recommended by NSA CISA for K8s security hardening.
Signup below to access an on-demand discussion to learn more about how network policies can solve the following use cases for platform teams:
- Namespace isolation in a shared cluster between different users and tenants
- Application troubleshooting via network traffic visibility
- Implementing a zero-trust model for Workload and infrastructure protection via namespace and cluster-wide policies