6 Access Control & Security
This chapter covers:
- The areas of attack when using GitOps-driven deployment
- How to ensure that the Kubernetes cluster, deployment repository, and image registry are protected
- Guidelines for choosing the right configuration management pattern
- GitOps and Kubernetes security pitfalls and ways to enhance security
Access control and security topics are always essential and are especially important when it comes to deployment and infrastructure management. The attack surface, in this case, includes expensive things like infrastructure, dangerous things like policy and compliance, and the most important things like data stores that contain user data. Modern operations methodologies enable engineering teams to move at a much quicker pace and optimize for fast iterations. However, more releases also mean more chances of introducing vulnerabilities, which leads to new challenges for security teams. Traditional security processes that rely on human operational knowledge may still work, but they struggle to scale and meet the needs of enterprises utilizing GitOps with automated build and release infrastructure.