Getting Control of Kubernetes

Visualize and Monitor All Kubernetes Clusters and Pods

Kubernetes is considered today as the de facto orchestration tool for managing and deploying containers and has become the ideal system for building and operating cloud-native applications. Alcide’s native integration with Kubernetes enables organizations to ensure their Kubernetes workloads are monitored, managed and secured properly. Real-time Kubernetes’ containers and pods activities are visualized on Alcide’s infrastructure and application map.

RBAC Authorization & Authentication

RBAC enables your clusters to maintain the principle of least privileges – running workloads, pods & microservices, in general, must be able to access only the information and resources that are necessary for its legitimate purpose, and nothing else beyond. Make sure to validate and limit cloud provider IAM roles assigned to instances and assign IAM roles to run workloads

Implement Right Network Segmentation

Segment the cluster using the cloud provider security toolchain such as security groups. Monitor Kubernetes Network Policies and see how they are layered on top of the Security Groups, enabling policies to be easily tuned and refined through application labeling and apply to the relevant tier in the organization. Control who can access the Kubernetes API server at the network level and segment the cluster worker nodes: limit, control & monitor node-to-node communications using security groups.
Segment microservices by using Kubernetes network policies: With Alcide, Kubernetes Network Policies are automatically imported and visualized on the connectivity map, enabling implementation of network segmentation, reducing complexity and minimizing the need to manage policies through the Kubernetes native CLI.
The simplified Alcide platform helps to gather, monitor and manage all your rule-based instance policies while providing a high-level picture and granular policy details to help users ensure the right policies are set to protect the Kubernetes workloads.

Kubernetes Advisor: Continuous Audit & Compliance of Kubernetes Clusters

The Alcide Advisor is a Continuous Kubernetes and Istio hygiene checks tool that provides a single-pane view for all your K8s-related issues: audit, compliance, topology, network, policies, and threats. This ensures that you get a better understanding and control of distributed and complex Kubernetes projects with a continuous and dynamic analysis. A partial list of the checks we run includes:

  • Kubernetes vulnerability scanning
  • Hunting misplaced secrets, or excessive secret access
  • Workload hardening from Pod Security to network policies
  • Istio security configuration and best practices

Start your free trial with Kubernetes Advisor.