Securing Kubernetes API with Banyan

  • Updated on Jan 19, 2021

Overview

Kubernetes (K8S) is an open-source system for automating deployment, scaling, and management of containerized applications. End users interact with K8S via the K8S API Server, typically using the kubectl client.

From a management perspective, K8S can be deployed in two flavors:

  • Managed K8S - A cloud provider (such as AWS, Azure, GCP, or DigitalOcean) provisions and manages the K8S cluster, which is tightly integrated with the cloud provider’s other offerings.
  • Hosted K8S - An enterprise operations team runs a specific K8S distribution (such as RedHat OpenShift, VMware Tanzu, or Mirantis) and is responsible for cluster management.

For connectivity, Banyan treats the Kubernetes API as a TCP Service, using Mutually Authenticated TLS (MTLS) flows to provide secure Zero Trust access.

Banyan can also be configured to leverage the OIDC authentication capability built into K8S.
