Solution

Seamless Zero Trust Access to Kubernetes Clusters for Humans and Workloads at any Scale

Everything you need, in one platform.

Unified Secretless Access to Kubernetes for Humans and Workloads

Seamless Secretless Access to internal Kubernetes Clusters behind NAT as well as Publicly Protect Clusters without Sharing and Distributing Kubeconfigs, Certificates or Access Tokens to Users

Dynamic Identity-based, L7-aware Access Control

Dynamically Control Access at Layer-7 to Specific Kubernetes Resources, Namespaces, Verbs, and APIs based on Identity and Context via Policy-as-Code

Unified Identity and Access via OAuth2 for your Applications

Clientless Unified Access from within your Applications via Standard OAuth2 Client Credentials and Bearer Authentication to Access all your Kubernetes Clusters without Having to Use Clients or SDKs

Integrate your OIDC/SAML SSO Providers

Seamlessly Integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2. Enforce Strong MFA via Phishing-Resistant FIDO2 Authenticators in Access Control to Sensitive Kubernetes Clusters.

OpenTelemetry-native Real-time Visibility

OpenTelemetry-ready, Layer-7 Aware, Real-Time Visibility and Auditing to your Log Management and SIEM Providers

Centralized, Declarative and Programmable Management

Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore Fully Programmable over gRPC.

Built for Scalability and Availability

A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability

Dynamic, Native MFA and Login with FIDO2 Passkey, TPM 2.0 and TOTP

Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based One-Time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce the Use of Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.

Get started

Deploy Octelium on your own infrastructure in minutes.

Free and open source. Self-hosted. No vendor lock-in.