Namespace-Centric and Application-Centric Protection for Kubernetes


The primary methods for protecting Kubernetes are namespace-centric and application-centric. Namespace-centric is the recommended method because it discovers and protects all namespaces and non-namespaced (cluster-scoped) API resources/objects in the cluster, regardless of whether they are directly referenced by an application manifest.

Application-centric protection discovers and protects Pods, DaemonSets, Deployments, StatefulSets, PersistentVolumeClaims, and helm chart-deployed apps. Application-centric protection also uses intelligent inference to discover and protect related API resources/objects.