Skip to main content

Introduction

Polaris K8s enables the secure deployment of confidential nodes within Kubernetes clusters. Polaris K8s offers a balance between the scalability and flexibility of Kubernetes and the robust security necessary to protect sensitive information. With seamless integration into Kubernetes environments, Polaris K8s ensures comprehensive data protection without requiring changes to current applications.

Overview

Fr0ntierX’s Polaris K8s Secure Container utilizes Confidential Virtual Machines (CVM) and Confidential GPUs to isolate Kubernetes workloads within a fully encrypted environment. Built on Confidential Computing principles, Polaris K8s ensures full memory encryption with minimal overhead, shielding data from both cloud providers and internal IT resources. This integration protects sensitive data at every stage – at rest, in transit, and while in use – without requiring any modifications to existing Kubernetes applications.

Polaris K8s secures all data traffic, including HTTP requests and responses, by encrypting them using a public key managed within the Trusted Execution Environment (TEE). This ensures protection against exposure risks, while the encryption and decryption process remains transparent, requiring no changes to workloads. The data is decrypted seamlessly by the Polaris SDK, ensuring continuous encryption without interrupting operational flow, whether in server or browser environments.

Polaris K8s securely encrypts and decrypts sensitive data, such as configuration files and context documents. Access to the encrypted data is governed by an attestation policy that verifies workload integrity and can restrict access to pre-approved software versions. Both encryption and decryption are handled by Polaris SDK, providing seamless, robust data protection across all Kubernetes workloads.

Key Benefits

  • Data Encryption: Security at all stages – at rest, in transit, and in use
  • Complete Isolation: Workloads shielded from cloud providers and internal IT resources
  • Transparent Encryption: All requests and responses are automatically encrypted and decrypted
  • No Modifications Required: No changes to the Kubernetes workload necessary
  • Compliance: Supports data anonymization, filtering, and cleaning for compliance with regulatory standards
  • Preserves Kubernetes Flexibility: Security does not compromise Kubernetes’ scalability or performance