Policy Agents for Zero-Trust Kubernetes: A Comprehensive Survey
摘要
In this survey, we explore how different policy agents can help implement zero-trust security in Kubernetes environments. To make comparisons more concrete, we propose a new metric called the Policy Effectiveness Score (PES), which considers how well each agent aligns with zero-trust principles, its compatibility with cloud platforms, and the operational effort it requires. We take a closer look at four popular tools Open Policy Agent (OPA), Kyverno, Gatekeeper, and Pod Security Admission and identify three key architectural models they follow: Sidecar, Admission Controller, and Operator. Each of these comes with its own strengths and limitations. To test our framework, we draw insights from 14 peer-reviewed studies. Our findings suggest that while no single agent covers all the bases, using a phased, multi-agent setup can strike a good balance between strong security, system performance, and manageable complexity.