Kubernetes Identity Aware Policies

Tetragon was built from the ground up to cater to the unique needs of Linux, container, and Kubernetes workloads⁠

Thumbnail for video about Kubernetes Identity Aware Policies

Understanding Process Behavior in Complex Environments

In traditional security environments, policies are often applied uniformly, assuming static infrastructure. This approach is ill-suited to Kubernetes clusters, where workloads are dynamic, ephemeral, and highly diverse. This complexity brings the need for security teams to enforce policies with precision. Enforcing policies too broadly may lead to excessive noise or performance overhead, while enforcing too narrowly can result in missing critical events.

Tetragon addresses these challenges with Kubernetes Identity Aware Policies, leveraging eBPF for in-kernel filtering based on Kubernetes constructs like namespaces, pod labels, and container fields. Tetragon Kubernetes identity aware policies enable security teams to precisely control which workload(s) are monitored or constrained. Kubernetes identity aware policies equip teams with the precision to apply Tetragon’s security observability and runtime enforcement only where needed, such as focusing observability on high-risk namespaces or critical workloads.

Tetragon empowers security teams with actionable process insights

  • Kubernetes Identity Aware Policies

    Leverage in-kernel filtering to enforce policies based on Kubernetes constructs like namespaces, pod labels, and container fields.

  • Precise Workload Control

    Focus monitoring and enforcement on specific workloads or high-risk namespaces to reduce noise and overhead.

  • Dynamic Policy Enforcement

    Adapt to the dynamic, ephemeral nature of Kubernetes environments with policies tailored to changing workloads.

  • Enhanced Security Observability

    Apply security observability and runtime enforcement precisely where it’s most needed, ensuring comprehensive protection.