Do you know which users and groups have access to your Kubernetes clusters, namespaces, pods, and deployments? Do you know which roles they have and which actions they can take?
Most organizations don't. Access can be granted through the IdP, directly in Kubernetes, through different IAM roles (depending on the cloud provider), or through group membership. The result is a tangle of standing access that is risky and hard to manage.
Apono shows you who can access what in Kubernetes, and with what level of access:
Sign up to the Apono Portal.
Easily integrate a Kubernetes cluster with Apono using Terraform or Helm.
After you complete the integration, you can immediately see your organization's Kubernetes access mapped on the Access Graph:
Drill down into any service account, user or group by clicking it:
See all the roles service accounts, users or groups have on the cluster, and which actions they enable. Drill down into any specific role and the graph will update to show you the specific actions and affected resources.
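The same question (which subject holds which role, and which verbs on which resources that role grants) can be checked by hand against the cluster's own RBAC objects. The following is an added example, not Apono code or output: the function names and the sample objects are constructed, and the input is assumed to be the JSON List returned by `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.

```python
import json

# Constructed sample, shaped like the kubectl JSON List described above.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
 {"kind": "Role", "metadata": {"name": "deployer", "namespace": "prod"},
  "rules": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "sre-secrets"},
  "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
  "subjects": [{"kind": "Group", "name": "sre"}]},
 {"kind": "RoleBinding", "metadata": {"name": "ci-deploy", "namespace": "prod"},
  "roleRef": {"kind": "Role", "name": "deployer"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
 {"kind": "RoleBinding", "metadata": {"name": "alice-secrets", "namespace": "dev"},
  "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
  "subjects": [{"kind": "User", "name": "alice"}]}
]}
""")

def subject_id(s):
    # Service accounts are namespaced; users and groups are not.
    prefix = s.get("namespace", "") + "/" if s["kind"] == "ServiceAccount" else ""
    return f"{s['kind']}:{prefix}{s['name']}"

def access_map(rbac_list):
    """Return {subject: {(scope, role, verb, resource), ...}}."""
    roles, bindings = {}, []
    for obj in rbac_list["items"]:
        ns = obj["metadata"].get("namespace")  # None for cluster-scoped objects
        if obj["kind"] in ("Role", "ClusterRole"):
            roles[(obj["kind"], ns, obj["metadata"]["name"])] = obj.get("rules") or []
        elif obj["kind"] in ("RoleBinding", "ClusterRoleBinding"):
            bindings.append((ns, obj))
    result = {}
    for ns, b in bindings:
        ref = b["roleRef"]
        # A RoleBinding may point at a ClusterRole; the grant is then
        # limited to the binding's namespace, not cluster-wide.
        key = (ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"])
        scope = ns or "<cluster-wide>"
        for s in b.get("subjects") or []:
            grants = result.setdefault(subject_id(s), set())
            for rule in roles.get(key, []):  # dangling roleRef grants nothing
                for verb in rule.get("verbs", []):
                    for res in rule.get("resources", []):  # skips nonResourceURLs rules
                        grants.add((scope, ref["name"], verb, res))
    return result
```

This covers only RBAC objects stored in the cluster; access that arrives through the IdP, cloud IAM roles or external group membership does not appear in these objects.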
You've visualized access to Kubernetes resources, what now?
- Found users or groups with standing access to sensitive instances? Revoke it and create dynamic Access Flows instead.
- Users will now request access to Clusters, Namespaces, Pods, Deployments, Secrets and Nodes. The access will be approved according to the Access Flow: automatically or with approval from someone in the organization, depending on how sensitive it is.
- Every access is logged so that compliance and security audits are no longer a problem.
Create your first Access Flow and start automating Kubernetes permissions.