At the ongoing KubeCon conference in San Diego, Aporeto has announced new Kubernetes security capabilities.

With this announcement, Aporeto now offers Identity Federation for Kubernetes pods applicable to any cloud. Users can run their apps on the Kubernetes platform of their choice and let Aporeto’s cloud-delivered security solution provide least privilege access to cloud credentials for their apps, realizing significant time and cost savings while being able to adopt cloud-native services faster.

For enterprise organizations using Istio service mesh to manage their containers, microservices or Kubernetes container orchestration, Aporeto now offers an Envoy plugin that extends all Aporeto capabilities into an Istio service mesh environment.

Through x509 certificates and OAuth tokens, Aporeto provides consistent identities to all workloads and enables identity federation between a company’s workloads and any third party. With Aporeto, organizations can bring legacy services into Istio without any changes, and any non-Istio service can become a consumer of the service mesh with no code-changes or operational configuration change of the service.

Additionally, Aporeto said it provides extended Berkeley Packet Filter (eBPF) support for better performance.