KG 0.36 - Security #17

Open
2 of 5 tasks
NotChristianGarcia opened this issue Jun 20, 2022 · 0 comments
NotChristianGarcia commented Jun 20, 2022

"Whose idea was it to let third-parties run whatever they wanted in a Kubernetes?" A story on how Christian should have done this with Docker.

  • Cert isolation - Can't have a bad cert affect our normal certs. Cert errors could be bad. Should probably create a new cert per thing? Maybe always have it be non-secured?
  • Service isolation - Pods shouldn't be able to use any service at all. No Egress. Only Ingress from nginx.
  • Network isolation - Pods shouldn't be able to make any calls via ip.
  • Pod isolation - Pods shouldn't have k8 control or access to other pods.
  • Environment Variable isolation - Block access to default environment variables.
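
One way the service, network, pod and environment-variable items above could be expressed as Kubernetes manifests. This is an added example, not part of the issue or the project's own configuration. The namespace `kg-pods`, the label `app: kg-pod`, the service account name, the image reference and the assumption that nginx runs in a namespace named `ingress-nginx` are all hypothetical.

```yaml
# Assumed names throughout (not from the issue): kg-pods, app: kg-pod,
# kg-pod-noapi, ingress-nginx, and the placeholder image.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kg-pod-isolation
  namespace: kg-pods
spec:
  podSelector:
    matchLabels:
      app: kg-pod
  policyTypes:          # listing both types makes anything not allowed below denied
    - Ingress
    - Egress
  ingress:
    - from:             # only traffic from the nginx namespace reaches the pod
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
  egress: []            # no rules: all outbound traffic is denied, DNS and pod/service IPs included
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kg-pod-noapi
  namespace: kg-pods
automountServiceAccountToken: false   # no API token mounted for pods using this account
---
apiVersion: v1
kind: Pod
metadata:
  name: kg-pod-example
  namespace: kg-pods
  labels:
    app: kg-pod
spec:
  serviceAccountName: kg-pod-noapi    # bind no Role or ClusterRole to this account
  automountServiceAccountToken: false
  # Stops injection of <SERVICE>_SERVICE_HOST / _PORT variables for services
  # in the pod's namespace. The KUBERNETES_SERVICE_* variables are still set.
  enableServiceLinks: false
  containers:
    - name: workload
      image: registry.example/third-party:placeholder
```

The NetworkPolicy only takes effect when the cluster's network plugin enforces NetworkPolicy objects; without one it is accepted by the API server and silently ignored.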