Securing Kubernetes API with SonicWall's Cloud Secure Edge (CSE)

  • Updated on May 20, 2024

This article describes features that are only available in the Banyan Enterprise edition and Banyan Unlimited edition.


Kubernetes (K8S) is an open-source system for automating deployment, scaling, and management of containerized applications. End users interact with K8S via the K8S API Server, typically using the kubectl client.

From a management perspective, K8S can be deployed in two flavors:

  • Managed K8S - A cloud provider (such as AWS, Azure, GCP, DigitalOcean, etc) provisions and manages the K8S cluster, tightly integrated with the cloud provider’s other offerings.
  • Hosted K8S - An enterprise operations team runs a specific K8S distribution (such as RedHat OpenShift, VMware Tanzu, Mirantis, etc) and is responsible for cluster management.

For connectivity, Cloud Secure Edge (CSE) treats the Kubernetes API as a TCP Service, using Mutually Authenticated TLS (MTLS) flows to provide secure Zero Trust access.

CSE can also be configured to leverage the OIDC authentication capability built into K8S.


Can’t find what you’re looking for?

We’re happy to help. Contact our team.