Host Firewall

Host Security That Scales With Kubernetes

How can I secure the host namespace with the same consistent security model?

Kubernetes nodes are the backbone of any cluster, but securing them presents unique challenges beyond the capabilities of traditional firewalls. Without granular host-level controls, nodes are vulnerable to unauthorized access, exposing critical cluster components, like kube-apiserver or etcd, to potential breaches. Static firewall rules struggle to adapt to the dynamic nature of Kubernetes environments, leaving gaps in protection during workload changes or updates. Additionally, misconfigurations in restrictive policies can disrupt essential communications, while limited visibility into host-level traffic makes monitoring and troubleshooting difficult.

Consistent Security for Nodes and Pods

Traditionally, securing Kubernetes environments required managing separate security models for nodes and pods, resulting in operational complexity and potential blind spots. Cilium Host Firewall eliminates this inconsistency by applying the same network policy model to the host. This approach extends Kubernetes' declarative, policy-driven security model to the nodes hosting your workloads, delivering seamless, consistent protection across your entire environment. By leveraging YAML manifests, administrators can define, apply, and manage host-level policies with the same ease and precision as Kubernetes Network Policies, creating a unified approach to securing both pods and their underlying hosts.

Host Security That Scales With Kubernetes

Cilium Host Firewall empowers administrators to enforce fine-grained policies for node-level traffic. By matching on node labels, you can create targeted rules that allow or deny traffic based on specific needs, such as permitting only SSH or ICMP traffic to specific nodes. This level of control ensures that your nodes are protected from unauthorized access while maintaining the flexibility required for smooth operations. Cilium Host Firewall ensures consistent, granular, and adaptable security for every node in your cluster, giving you the confidence to scale securely in even the most demanding environments.
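
A host policy of the kind described above, written as a CiliumClusterwideNetworkPolicy that selects nodes by label and admits only SSH, ICMP echo and in-cluster traffic. This is an added example, not taken from this page; the policy name and the node label node-access=ssh are assumed values chosen for illustration.

```yaml
# Added example. Assumes Cilium is installed with the host firewall
# enabled (Helm value hostFirewall.enabled=true) and that the target
# nodes carry the label below, e.g.:
#   kubectl label node <node-name> node-access=ssh
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: host-allow-ssh-icmp        # assumed name
spec:
  description: "Allow only cluster traffic, SSH and ICMP echo into labelled nodes"
  # nodeSelector (instead of endpointSelector) makes this a host policy:
  # it applies to the node's own network namespace, not to pods.
  nodeSelector:
    matchLabels:
      node-access: ssh             # assumed label
  ingress:
    # Keep node-to-node and pod-to-node traffic working. Once a host
    # policy selects a node, ingress that no rule matches is dropped,
    # so leaving this out can cut the node off from the cluster.
    - fromEntities:
        - cluster
    # SSH from any source.
    - toPorts:
        - ports:
            - port: "22"
              protocol: TCP
    # ICMPv4 echo request (ping).
    - icmps:
        - fields:
            - type: 8
              family: IPv4
  # Traffic from outside the cluster to any other port, for example the
  # kube-apiserver port on control-plane nodes, needs its own rule.
```

Because unmatched ingress to a selected node is dropped, label a single non-critical node first and confirm cluster communication before widening the selector.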
