Tetrate Enterprise ready service mesh

Why Tetrate
- Our Customers
Products

Products

Agent Operations Director
Seamless visibility and cost management for ML infrastructure teams to maximize GenAI ROI.

Tetrate Service Bridge
Enterprise Application Networking and Security Platform.

Why Tetrate Service Bridge How Tetrate Service Bridge Works

Tetrate Istio Subscription
CVE free, FIPS-verified, extended enterprise support for Istio with TIS. Add global service registry & troubleshooting with TIS+

TIS: Extended Enterprise Support TIS+: Global Istio Troubleshooting

Pricing
Get the details about our flexible pricing.

Tetrate Enterprise Gateway for Envoy
The enterprise-ready distribution of Envoy Gateway

Get Istio Support
Get the help you need to run your service mesh with confidence.
Solutions
Learn

Learn

Resources

Blog

Zero Trust Center

Documentation

FAQ

Ebooks & Reports

White Papers

Video

All

Tetrate Academy

Learning Center

Envoy Proxy
Get started with the standard data plane for cloud-native applications.

API Gateway
Simplify app traffic management and improve security with a single point of entry.

Envoy Gateway
Build scalable and resilient apps using Envoy as an application gateway.

Kubernetes Gateway API
Manage K8s ingress with more power than the old Ingress API.

Istio Service Mesh
Connect, manage and secure apps with the industry standard service mesh.

Microservices
Gain agility with services that are separately developed, deployed and scaled.

FIPS
Learn about the security standards for apps running in FedRAMP environments.

Platform Team
Improve application infrastructure with a dedicated team.

Mutual TLS (mTLS)
Ensure secure communication between components of a Zero Trust architecture.

Wasm
Write portable code in multiple languages compiled to a common bytecode format.

Observability
Observe app behavior with telemetry from logs, metrics, traces and events.

Zero Trust Architecture
Improve security for all communication, regardless of network location.
Events
Company
- About Us
- Leadership
- Investors
- Partners
- Newsroom
- Careers
- Get Support
- Contact Us

|

Learning Center

|

Kubernetes Security Architecture

Kubernetes Security Architecture

Kubernetes has a security architecture based on the principle of defense in depth. This means that it incorporates multiple layers of security controls throughout the platform to deliver robust security. The security controls needed include the items mentioned in the previous section. At the architectural level, the flooring items also need to be protected with suitable security techniques:

Secure Storage

The security of the Etcd storage backend, where all cluster data is stored, requires top-tier hardware and software protection.

Use a Service Mesh

A service mesh adds a layer of security across the Kubernetes platform deployment by adding features like traffic encryption and monitoring to enhance the underlying network security.

Use Namespaces

Dividing Kubernetes clusters into logical segments using namespaces improves resource isolation and limits the impact of any breaches to a subset of the deployed resources. This is part of the broader segmentation recommended for Kubernetes deployments.