Securing Kubernetes API with Banyan
- Updated on Jan 19, 2021
Overview
Kubernetes (K8S) is an open-source system for automating deployment, scaling, and management of containerized applications. End users interact with K8S via the K8S API Server, typically using the kubectl client.
From a management perspective, K8S can be deployed in two flavors:
- Managed K8S - A cloud provider (such as AWS, Azure, GCP, DigitalOcean, etc.) provisions and manages the K8S cluster, tightly integrated with the cloud provider’s other offerings.
- Hosted K8S - An enterprise operations team runs a specific K8S distribution (such as RedHat OpenShift, VMware Tanzu, Mirantis, etc.) and is responsible for cluster management.
For connectivity, Banyan treats the Kubernetes API as a TCP Service, using Mutually Authenticated TLS (MTLS) flows to provide secure Zero Trust access.
Banyan can also be configured to leverage the OIDC authentication capability built into K8S.