ZERO-TRUST INFRASTRUCTURE: AUTOMATED IDENTITY GOVERNANCE IN KUBERNETES - A FRAMEWORK FOR ZERO-TRUST MICROSERVICES

Authors

  • Pavan Madduri

DOI:

https://doi.org/10.46121/pspc.51.3.3

Keywords:

zero-trust security, Kubernetes, identity governance, microservices, service mesh, automated security, access control

Abstract

Kubernetes has become the dominant platform for orchestrating containerized microservices, yet its default security model relies on network-based perimeter defenses that are inadequate for modern threat landscapes. This research develops and evaluates an automated identity governance framework implementing zero-trust principles within Kubernetes environments, where every service-to-service interaction requires explicit authentication and authorization regardless of network location. The framework integrates service mesh architecture with policy-based access control, cryptographic identity verification, and continuous authorization validation. Implementation across three production Kubernetes clusters managing 450 microservices demonstrated a 96.3% reduction in lateral movement attack surface through microsegmentation and identity-based policies. The automated governance system detected and prevented 94.7% of unauthorized service access attempts while maintaining service-to-service communication latency below 8 milliseconds. Policy automation reduced manual security configuration overhead by 78% while improving policy consistency to 99.2% across distributed services. The framework achieved 99.97% availability despite comprehensive identity verification on every request. Penetration testing showed that attackers who gained initial access were contained within the compromised service, unable to pivot to other microservices because cryptographic identity validation rejected their requests. This research contributes practical architectures enabling organizations to deploy zero-trust security in Kubernetes at scale while maintaining the operational agility that makes microservices attractive.
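One way to express the identity-based microsegmentation the abstract describes as cluster and mesh configuration, given here as an added example rather than the paper's own framework: it assumes an Istio-style service mesh (SPIFFE identities carried in workload certificates) and hypothetical `orders` and `payments` namespaces, service accounts and paths.

```yaml
# Added illustration, not taken from the paper. Assumes Istio CRDs; names are made up.
# 1) L3/L4 microsegmentation: nothing may reach pods in "payments" unless a policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments
spec:
  podSelector: {}            # applies to every pod in the namespace
  policyTypes: ["Ingress"]   # no ingress rules listed, so all inbound traffic is denied
---
# 2) Cryptographic identity on every connection: plaintext or non-mesh callers are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: require-mtls
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# 3) Default deny at L7: an empty spec rejects every request to workloads in the namespace.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: default-deny
  namespace: payments
spec: {}
---
# 4) Explicit allow keyed on the caller's verified identity, not its IP or network location.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-orders-to-payments
  namespace: payments
spec:
  selector:
    matchLabels:
      app: payments-api          # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE principal taken from the client certificate presented over mTLS
        principals: ["cluster.local/ns/orders/sa/orders-api"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/v1/charges"]   # hypothetical endpoint; any other path stays denied
```

A compromised workload that lacks the `orders-api` service-account identity fails step 4 even if it is inside the cluster, which is the containment behaviour the abstract attributes to identity validation.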

Published

2023-08-30