Internal ingress filtering for platform applications

Open j-zimnowoda opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.

Enhance platform application security by defining network policies

Describe the solution you'd like

A clear and concise description of what you want to happen. Ultimately we would like each platform app to have a corresponding ingress network security policy. But the first MVP shall cover the following apps:

  • keycloak
  • loki
  • harbor
  • kubernetes-external-secrets
  • oauth2-proxy
  • gatekeeper-operator
  • gatekeeper
  • external-dns
  • prometheus-operator
  • prometheus
  • istio-operator
  • istio apps
  • cert-manager
  • knative
  • nginx-ingress
  • promtail
  • otomi-api
  • vault-operator
  • vault
  • drone
  • gitea
  • kiali-operator

The network security policies shall be deployed as artefacts to the deployed chart.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

j-zimnowoda, Mar 14 '22 09:03

Please keep this scope limited to the escalation model: only public services should be hardened, so the list becomes much smaller

Morriz, Mar 23 '22 13:03

I see only this list left:

  • keycloak
  • harbor
  • oauth2-proxy
  • prometheus
  • istio apps
  • nginx-ingress
  • otomi-api
  • vault
  • drone
  • gitea
  • kiali
  • jaeger

Morriz, Mar 23 '22 13:03

good point

j-zimnowoda, Jul 12 '22 06:07