radix-platform
Omnia Radix platform - base scripts and code
Enforcing CPU and memory limits prevents resource exhaustion attacks (a form of denial of service attack). We recommend setting limits for containers to ensure the runtime prevents the container from...
Disabling local authentication methods and allowing only Azure Active Directory Authentication improves security by ensuring that Azure MySQL flexible server can exclusively be accessed by Azure Active Directory identities. Affected:...
- [ ] Inform slack of possible issues in the upgrade process - [ ] Upgrade AKS to 1.28 - [ ] Upgrade AKS to 1.29 - [ ] Install...
Add metric `radix_operator_errors` to Radix dashboard. This metric is increased every time an error occurs when radix-operator reconciles one of its CRDs (RA, RD, RJ etc). Reconcile errors can be...
Containers shouldn't run with privilege escalation to root in your Kubernetes cluster. The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process. Add exception for...
Restrict pod access to the host network and the allowable host port range in a Kubernetes cluster. Pods created with the hostNetwork attribute enabled will share the node's network space....
### ALTERNATIVE: https://external-secrets.io/latest/api/generator/acr/ We can leverage ExternalSecretsOperator with Workload Identity to create short-lived tokens that only have access to individual repositories and cache. ### ALTERNATIVE 2: Create ACR Refresh...
Limit permission for app.reg, managed identities to only have permission to the object itself, not the resource group. - [x] radixdev - [x] radix-cr-cicd-dev - [x] radix-github-workflows-dev - [x] [ar-radix-github-workflows-1-dev](https://portal.azure.com/?feature.msaljs=true#)
Azure Private Link provides a secure connection between your virtual network and Azure services, eliminating the need for a public IP address. It manages the connectivity over the Azure backbone...
**Is your feature request related to a problem? Please describe.** Ref. meeting with GRC team on 23.08; ASB policies related to Kubernetes have been extracted and we would like the...