CloudGuard Controller for Kubernetes

Adding Kubernetes to CloudGuard Controller

Check Point CloudGuard Controller (which provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security) now protects Kubernetes with North-South inspection for increased security.

The new Container security component is available in native Kubernetes and managed Kubernetes services such as Azure Kubernetes Service (AKS), Amazon EKS, Google Kubernetes Engine, and others.

Prerequisite

  • Kubernetes version 1.12 and above

Note - Island Mode (NATed IP address for Nodes) is not supported.

Connecting to a Kubernetes Server

Kubernetes Imported Objects

  • Namespace - Group of resources in a single cluster.
  • Node - A virtual or physical machine, depending on the Cluster.
  • Pod - The smallest deployable unit of computing that you can create and manage in Kubernetes. A group of one or more containers, with shared storage and network resources, and a specification for how to run the containers.
  • Service - A method for exposing a network application that runs as one or more Pods in your Cluster.
  • Labels - Key-value pairs attached to Services and Nodes within a Kubernetes cluster.
  • Service Endpoint - Each Service object defines a logical set of endpoints (usually, these endpoints are Pods) along with a policy about how to make those Pods accessible.
  • Tags - Keys and Values attached to the Object.
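A small offline preflight and inventory script, added here as an example (it is not Check Point's code and not part of this page), that checks the 1.12 version prerequisite against the `serverVersion` block `kubectl version -o json` returns and groups sample API objects by the kinds listed above, keeping the names, namespaces, labels and Endpoint addresses the Controller imports. All sample data is constructed; the helper names are assumptions.

```python
import json

MIN_VERSION = (1, 12)  # Kubernetes 1.12 and above, per the prerequisite above


def server_version_tuple(server_version):
    """Parse the serverVersion block from `kubectl version -o json`.
    Managed clusters report minor as e.g. "27+", so strip the suffix."""
    major = int(server_version["major"].rstrip("+"))
    minor = int(server_version["minor"].rstrip("+"))
    return (major, minor)


def version_supported(server_version):
    """True when the cluster meets the 1.12 minimum."""
    return server_version_tuple(server_version) >= MIN_VERSION


def inventory(items):
    """Group API objects by kind, keeping the fields the Controller imports:
    name, namespace, labels, and the Pod IPs behind a Service's Endpoints."""
    out = {}
    for obj in items:
        meta = obj["metadata"]
        entry = {"name": meta["name"],
                 "namespace": meta.get("namespace"),
                 "labels": meta.get("labels", {})}
        if obj["kind"] == "Endpoints":
            entry["addresses"] = [addr["ip"]
                                  for subset in obj.get("subsets", [])
                                  for addr in subset.get("addresses", [])]
        out.setdefault(obj["kind"], []).append(entry)
    return out


# Constructed sample data standing in for `kubectl get ... -o json` output.
SAMPLE_VERSION = {"major": "1", "minor": "27+"}
SAMPLE_ITEMS = [
    {"kind": "Namespace", "metadata": {"name": "payments", "labels": {"env": "prod"}}},
    {"kind": "Node", "metadata": {"name": "node-a", "labels": {"zone": "eu-west-1a"}}},
    {"kind": "Pod", "metadata": {"name": "api-1", "namespace": "payments",
                                 "labels": {"app": "api"}}},
    {"kind": "Service", "metadata": {"name": "api", "namespace": "payments",
                                     "labels": {"app": "api"}}},
    {"kind": "Endpoints", "metadata": {"name": "api", "namespace": "payments"},
     "subsets": [{"addresses": [{"ip": "10.244.1.5"}, {"ip": "10.244.2.7"}]}]},
]

if __name__ == "__main__":
    print("version ok:", version_supported(SAMPLE_VERSION))
    print(json.dumps(inventory(SAMPLE_ITEMS), indent=2))
```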