sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 15:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f4faebaf68762c9e89d96be9122d65190cd6524b
opendesk/docs/security.md
Thorsten Roßner 6ba6923612 fix(helmfile): Update portal and branding. 
BREAKING CHANGE: Upgrading from previous releases requires manual steps, read `./docs/migrations.md` carefully.
2024-10-13 15:34:25 +02:00

52 lines
1.7 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!--
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
-->
<h1>Security</h1>
This document should cover the current status of security measurements.
<!-- TOC -->
* [Helm Chart Trust Chain](#helm-chart-trust-chain)
* [Kubernetes Security Enforcements](#kubernetes-security-enforcements)
* [NetworkPolicies](#networkpolicies)
<!-- TOC -->
# Helm Chart Trust Chain
Helm charts are signed and validated against GPG keys in `helmfile/files/gpg-pubkeys`.
For more details on Chart validation, please visit: https://helm.sh/docs/topics/provenance/
All charts except the ones mentioned below are verifiable:
| Repository        | Verifiable |
|-------------------|:----------:|
| open-xchange-repo |     no     |
# Kubernetes Security Enforcements
This list gives you an overview of default security settings and whether they comply with security standards:
⟶ Visit our generated detailed [Security Context](./security-context.md) overview.
# NetworkPolicies
Kubernetes NetworkPolicies are an essential measure to secure your Kubernetes apps and clusters.
When applied, they restrict the traffic to your services.
This protects other deployments in your cluster or other services in your deployment from getting compromised when one
component is compromised.
We ship a default set of Otterize ClientIntents via
[Otterize intents operator](https://github.com/otterize/intents-operator) which translates intent-based access control
(IBAC) into Kubernetes native NetworkPolicies.
This requires the Otterize intents operator to be installed.
```yaml
security:
  otterizeIntents:
    enabled: true
```
Reference in New Issue View Git Blame Copy Permalink