In less complex environments, you may uniquely identify Client Workloads using a single client identifier, such as:
- Kubernetes Pod name prefix
- Process name
- Source IP
In complex environments that span multiple clouds, networks, and Kubernetes clusters, relying on a single client identifier may no longer be sufficient. For example, you might encounter multiple Kubernetes clusters with pods sharing the same name prefix. Different Virtual Machines might run processes with identical names or share the same private IP.
To ensure Client Workloads are uniquely identified, and to enable the creation of accurate Access Policies targeting the correct workloads, Aembit recommends employing multiple client identifiers.
Configuration
Client Workload configurations support the addition of multiple identifiers.
For example, effective combinations could include:
- Hostname and Process name
- Kubernetes namespace and Kubernetes Pod prefix
These combinations facilitate precise identification (such as using Kubernetes Pod prefix and Process name) while ensuring global uniqueness within your organization by incorporating additional identifiers, whether secondary, tertiary, or beyond.
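Before committing an identifier combination to an Access Policy, you can check it against an inventory of the workloads you actually run. The following is an added example, not Aembit code or its API: the inventory is constructed, the attribute names are illustrative, and it assumes a workload must satisfy every listed identifier to match.

```python
# Constructed inventory of observed workloads. Attribute names are
# illustrative and are not Aembit's schema.
INVENTORY = [
    {"id": "cluster-a/billing", "k8s_namespace": "payments",
     "k8s_pod_name": "billing-7c9f", "process_name": "billing-svc",
     "hostname": "billing-7c9f", "source_ip": "10.0.1.15"},
    {"id": "cluster-b/billing", "k8s_namespace": "payments-staging",
     "k8s_pod_name": "billing-5d2a", "process_name": "billing-svc",
     "hostname": "billing-5d2a", "source_ip": "10.0.1.15"},
    {"id": "vm/ledger-01", "process_name": "billing-svc",
     "hostname": "ledger-01", "source_ip": "10.2.0.8"},
]

# Identifiers compared as a prefix of another attribute rather than exactly.
PREFIX_KEYS = {"k8s_pod_prefix": "k8s_pod_name"}


def matches(workload, identifiers):
    """True only if the workload satisfies every identifier (assumed AND)."""
    for key, expected in identifiers.items():
        if key in PREFIX_KEYS:
            actual = workload.get(PREFIX_KEYS[key], "")
            if not actual.startswith(expected):
                return False
        elif workload.get(key) != expected:
            return False
    return True


def select(inventory, identifiers):
    """Sorted ids of every workload the identifier set would select."""
    return sorted(w["id"] for w in inventory if matches(w, identifiers))


def is_unique(inventory, identifiers, intended):
    """True when the identifier set selects the intended workload only."""
    return select(inventory, identifiers) == [intended]


if __name__ == "__main__":
    candidates = [
        {"k8s_pod_prefix": "billing-"},
        {"source_ip": "10.0.1.15"},
        {"k8s_namespace": "payments", "k8s_pod_prefix": "billing-"},
        {"hostname": "ledger-01", "process_name": "billing-svc"},
    ]
    for ids in candidates:
        print(ids, "->", select(INVENTORY, ids))
```

Any identifier set that returns more than one id would let an Access Policy apply to a workload it was not written for.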