The KubeEnforcer runs as a deployment and provides admission runtime security for Kubernetes workloads and infrastructure.
A single KubeEnforcer can be deployed on each Kubernetes cluster and uses native Kubernetes Admission Controller APIs to perform its functions, without the need for an Aqua Enforcer:
- MutatingAdmissionWebhook: seamlessly applies security controls for deployments
- ValidatingAdmissionWebhook: enforces Assurance Policies on newly deployed workloads
- Kubernetes and OpenShift
KubeEnforcers are supported on Linux platforms (with the exception of VMware Tanzu TKGI).
- Aqua Enterprise SaaS
- Aqua Enterprise Self-Hosted
Before you start using any of the deployment methods documented in this repository, Aqua strongly recommends that you refer to the following product documentation: