# Kubernetes

## Overview

CloudGuard WAF for Kubernetes protects vulnerable applications and APIs running in Kubernetes environments. It integrates with the most popular [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx), [Kong Ingress Controller](https://github.com/Kong/kubernetes-ingress-controller), and as well as Istio Ingress Controller, and serves as a secure HTTP/S load balancer for one or more [Services](https://kubernetes.io/docs/concepts/services-networking/service/) inside Kubernetes [clusters](https://kubernetes.io/docs/concepts/architecture/).

**For Kong and Istio dedicated instructions, click here:**

{% content-ref url="kubernetes/nginx-application-security" %}
[nginx-application-security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/nginx-application-security)
{% endcontent-ref %}

{% content-ref url="kubernetes/kong-application-security" %}
[kong-application-security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/kong-application-security)
{% endcontent-ref %}

{% content-ref url="kubernetes/istio-application-security" %}
[istio-application-security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/istio-application-security)
{% endcontent-ref %}

{% content-ref url="kubernetes/envoy-application-security" %}
[envoy-application-security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/envoy-application-security)
{% endcontent-ref %}

{% hint style="info" %}
Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) exposes HTTP/S routes from outside the cluster to [services](https://kubernetes.io/docs/concepts/services-networking/service/) within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. 
{% endhint %}