sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 00:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(services): Add NetworkPolicy section to docs/security.md

Browse Source
This commit is contained in:
Dominik Kaminski
2023-11-26 21:39:20 +01:00
parent bec9a2d46b
commit 24812b667c
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/security.md
View File

@@ -10,6 +10,7 @@ This document should cover the current status of security measurements.
<!-- TOC --> <!-- TOC -->
* [Helm Chart Trust Chain](#helm-chart-trust-chain) * [Helm Chart Trust Chain](#helm-chart-trust-chain)
* [Kubernetes Security Enforcements](#kubernetes-security-enforcements) * [Kubernetes Security Enforcements](#kubernetes-security-enforcements)
* [NetworkPolicies](#networkpolicies)
<!-- TOC --> <!-- TOC -->
## Helm Chart Trust Chain ## Helm Chart Trust Chain
@@ -99,3 +100,22 @@ This list gives you an overview of default security settings and if they comply
| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | | UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
| XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 | | XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 |
| | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 | | | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
## NetworkPolicies
Kubernetes NetworkPolicies are an important measure to secure your kubernetes apps and clusters.
When applied, they restrict the traffic to your services.
This protects other deployments in your cluster or other services in your deployment to get compromised when one
component is compromised.
We ship a default set of Otterize ClientIntents via
[Otterize intents operator](https://github.com/otterize/intents-operator) which translates intent-based access control
(IBAC) into kubernetes native NetworkPolicies.
This requires the Otterize intents operator to be installed.
```yaml
security:
otterizeIntents:
enabled: true
```