Announcing Tetrate Agent Operations Director for GenAI Runtime Visibility and Governance

Learn more

Products

Enterprise Solutions for Regulated Workloads

Agent Operations Director

Runtime visibility and governance for ML infrastructure teams to maximize GenAI ROI

Tetrate Application Gateway

Intent-driven ingress traffic orchestration across clouds, on-prem environments, K8s, and VMs

Tetrate Service Bridge

A uniform way to connect, monitor and secure microservices so you can modernize apps faster

Open Source Solutions for Kubernetes Networking

Tetrate Istio Subscription

Scale Istio with enterprise support, CVE protection, and seamless troubleshooting

Tetrate Istio Subscription+

Modern Kubernetes Network Troubleshooting and Availability

Tetrate Enterprise Gateway for Envoy

Available 24/7 enterprise support and enablement for the FIPS-verified and CVE-protected Envoy Gateway

Solutions

Financial Services

Build secure, scalable cloud-native applications and innovate faster with the service mesh

FIPS

FIPS-compliant Istio to support compliance, speed FedRAMP, and protect applications

Government

Tetrate’s FIPS-validated mesh ensures modernization, risk mitigation, and compliance

Kubernetes

Seamlessly implement policies for security, identity, traffic management

Kubernetes Ingress

HTTP/S traffic routing mechanism for exposing services within a Kubernetes cluster

Zero Trust Security

Secure multi-cloud microservices with Zero Trust to protect apps, users, and business

Learn

Resources

All Resources

Ebooks & Reports

Video

White papers

Zero Trust

Blog

Documentation

FAQ

Learning Center

Envoy Proxy

Get started with the standard data plane for cloud-native applications.

Envoy Gateway

Build scalable and resilient apps using Envoy as an application gateway.

Istio Service Mesh

Connect, manage and secure apps with the industry standard service mesh.

FIPS

Learn about the security standards for apps runnng in FedRAMP environments.

Mutual TLS (mTLS)

Ensure secure communication between components of a Zero Trust architecture.

Observability

Observe app behavior with telemetry from logs, metrics, traces and events.

API Gateway

Simplify app traffic management and improve security with a single point of entry.

Kubernetes Gateway API

Manage K8s ingress with more power than the old Ingress API.

Microservices

Gain agility with services that are separately developed, deployed and scaled.

Platform Team

Improve application infrastructure with a dedicated team.

Wasm

Write portable code in multiple languages compiled to a common bytecode format.

Zero Trust Architecture

Improve security for all communication, regardless of network location.

Events

Company

About Tetrate

Why tetrate

Leadership

Investors

Partners

Our customers

Newsroom

Careers

Get Support

Products

Enterprise Solutions for Regulated Workloads

Agent Operations Director

Runtime visibility and governance for ML infrastructure teams to maximize GenAI ROI

Tetrate Application Gateway

Intent-driven ingress traffic orchestration across clouds, on-prem environments, K8s, and VMs

Tetrate Service Bridge

A uniform way to connect, monitor and secure microservices so you can modernize apps faster

Open Source Solutions for Kubernetes Networking

Tetrate Istio Subscription

Scale Istio with enterprise support, CVE protection, and seamless troubleshooting

Tetrate Istio Subscription+

Modern Kubernetes Network Troubleshooting and Availability

Tetrate Enterprise Gateway for Envoy

Available 24/7 enterprise support and enablement for the FIPS-verified and CVE-protected Envoy Gateway

Solutions

Financial Services

Build secure, scalable cloud-native applications and innovate faster with the service mesh

FIPS

FIPS-compliant Istio to support compliance, speed FedRAMP, and protect applications

Government

Tetrate’s FIPS-validated mesh ensures modernization, risk mitigation, and compliance

Kubernetes

Seamlessly implement policies for security, identity, traffic management

Kubernetes Ingress

HTTP/S traffic routing mechanism for exposing services within a Kubernetes cluster

Zero Trust Security

Secure multi-cloud microservices with Zero Trust to protect apps, users, and business

Learn

Resources

All Resources

Ebooks & Reports

Video

White papers

Zero Trust

Blog

Documentation

FAQ

Learning Center

Envoy Proxy

Get started with the standard data plane for cloud-native applications.

Envoy Gateway

Build scalable and resilient apps using Envoy as an application gateway.

Istio Service Mesh

Connect, manage and secure apps with the industry standard service mesh.

FIPS

Learn about the security standards for apps runnng in FedRAMP environments.

Mutual TLS (mTLS)

Ensure secure communication between components of a Zero Trust architecture.

Observability

Observe app behavior with telemetry from logs, metrics, traces and events.

API Gateway

Simplify app traffic management and improve security with a single point of entry.

Kubernetes Gateway API

Manage K8s ingress with more power than the old Ingress API.

Microservices

Gain agility with services that are separately developed, deployed and scaled.

Platform Team

Improve application infrastructure with a dedicated team.

Wasm

Write portable code in multiple languages compiled to a common bytecode format.

Zero Trust Architecture

Improve security for all communication, regardless of network location.

Events

Company

About Tetrate

Why tetrate

Leadership

Investors

Partners

Our customers

Newsroom

Careers

Get Support

Kubernetes Security Architecture

Kubernetes has a security architecture based on the principle of defense in depth.

Kubernetes has a security architecture based on the principle of defense in depth. This means that it incorporates multiple layers of security controls throughout the platform to deliver robust security. The security controls needed include the items mentioned in the previous section. At the architectural level, the flooring items also need to be protected with suitable security techniques:

Secure Storage

The security of the Etcd storage backend, where all cluster data is stored, requires top-tier hardware and software protection.

Use a Service Mesh

A service mesh adds a layer of security across the Kubernetes platform deployment by adding features like traffic encryption and monitoring to enhance the underlying network security.

Use Namespaces

Dividing Kubernetes clusters into logical segments using namespaces improves resource isolation and limits the impact of any breaches to a subset of the deployed resources. This is part of the broader segmentation recommended for Kubernetes deployments.