Frequently asked questions

Yes. Axera is CNI-agnostic. We support OVN-Kubernetes, Cilium, Calico and other major CNIs. Axera observes the flow logs your CNI already emits and deploys standard Kubernetes NetworkPolicy resources.

No. Axera does not inject sidecars, modify pod specs, or change container images. Signal ingestion is read-only. Policy enforcement uses standard Kubernetes NetworkPolicy.

It depends on the deployment mode you choose: (1) Agentless — nothing is installed in the cluster; Axera reads from container security tools you already run (Prisma Cloud, ACS / StackRox). (2) eBPF agent — a single privileged DaemonSet (`axera-flow-agent`) is deployed at the node level, built on the open-source NetObserv project, for kernel-level flow capture. (3) Hybrid — different modes per cluster, managed from one Axera plane.

A single-server Docker Compose evaluation takes about 30 minutes. A production deployment with external PostgreSQL and Kafka — and 1–3 connected clusters — typically takes 1–2 days, including RBAC and integration setup.

Never. Axera generates least-privilege NetworkPolicy recommendations. Every policy passes through review, approval gates (ITSM-aligned) and explicit deployment. Even in Restricted mode, enforcement requires explicit user action.

Multi-cluster is native. Onboard multiple Kubernetes / OpenShift clusters through Settings > Connections. Deploy the same policy set across all clusters or progressively, cluster by cluster.

Yes. Axera has no SaaS dependency. All services run inside your infrastructure (on-prem, private cloud, or air-gapped). No telemetry leaves your network.

Every deployment creates a versioned snapshot. Roll back to any prior version with one click. The rollback itself is versioned and audited.

Yes. We support Jira, ServiceNow, Linear and Azure DevOps. Tickets are linked to the policy record for traceability and include the policy diff.

Yes. Push policies to GitHub, BitBucket or GitLab with automatic PR creation. The PR includes the policy diff, risk tags and a link back to the Axera policy record.

Four built-in roles: Admin, NetworkOperator, Auditor, AccessUser. LDAP / Active Directory group mapping for centralized identity. Every endpoint is permission-checked server-side.