How to: Visualize Kubernetes Access

How to: Visualize Kubernetes Access

Intro

Do you know which users and groups have access to your Kubernetes clusters, namespaces, pods, and deployments? Do you know which roles they have and which actions they can take?

Most organizations don't. Access can be granted through the IdP, directly in Kubernetes, using different IAM roles (depending on the cloud provider), or through group membership. This creates a mess of standing access which is risky and hard to manage.

Apono shows you who can access what in K8 and with what access:

How it works

Step 1: Sign up to Apono

Sign-up to Apono Portal

Step 2: Connect a K8 Cluster

Easily integrate a Kubernetes cluster to Apono using Terraform or Helm.

Step 3: Explore K8 access using the Apono Access Graph

After you complete the integration, you can immediately see your organization's K8 access mapped on the Access Graph:

Drill down into any service accounts, users or groups by clicking them:

See all the roles service accounts, users or groups have on the cluster, and which actions they enable. Drill down into any specific role and the graph will update to show you the specific actions and affected resources.

Next steps

You've visualized access to Kubernetes resources, what now?

• Found users and groups' standing access to sensitive instances? Revoke it and create dynamic Access Flows instead.

• Users will now request access to Clusters, Namespaces, Pods, Deployments, Secrets and Nodes. The access will be approved according to the Access Flow: automatically or with approval from someone in the organization, depending on how sensitive it is.

• Every access is logged so that compliance and security audits are no longer a problem.