Overview

As organizations shift from traditional data center environments to modern, highly distributed cloud native infrastructures like Kubernetes, the volume of certificates and machine identities explodes, leading to increased threat risks and an increased need for security controls. In January 2023, Venafi introduced TLS Protect for Kubernetes to help organizations address this challenge.

As part of the Venafi Control Plane for Machine Identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE certificates, across all of an enterprise’s multi-cloud and multi-cluster Kubernetes environments. By delivering increased observability, consistency and control over machine identity management within more complex cloud native infrastructures, it helps enterprises improve application reliability and reduce development and operational costs.

Built with a fully supported version of the cert-manager open source project – the de facto cloud native solution designed by Jetstack, a Venafi company, for developers to automate TLS and mTLS certificate issuance and renewal – TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, as well as offers options for security controls over certificate issuance to meet the security team policy for enforcing trust.

It also includes a management interface that provides full visibility of public trusted certificates for ingress TLS, as well as private certificates for inter-service mTLS for pod-to-pod and service mesh use cases. By building a detailed view of the enterprise security posture across multiple clusters and cloud platforms, including certificates that have been manually created by developers, it proactively identifies operational issues that help platform teams maintain cluster integrity and prevent outages.