6 Access Control & Security

 

This chapter covers:

  • The areas of attack when using GitOps-driven deployment
  • Ensuring critical infrastructure components are protected
  • Guidelines for choosing the right configuration management pattern
  • Enhancing security to avoid security pitfalls in GitOps

Access control and security topics are always essential and are especially crucial for deployment and infrastructure management. In this case, the attack surface includes expensive things like infrastructure, dangerous things like policy and compliance, and the most important things like data stores that contain user data. Modern operations methodologies enable engineering teams to move at a much quicker pace and optimize for fast iterations. However, more releases also mean more chances of introducing vulnerabilities and lead to new challenges for security teams. Traditional security processes that rely on human operational knowledge may still work, but they struggle to scale and meet the needs of enterprises utilizing GitOps with automated build and release infrastructure.

We recommend you read chapters 1 and 2 before reading this chapter.

6.1       Introduction to Access Control

 
 
 

6.1.1   What is Access Control?

 
 
 
 

6.1.2   What to Secure?

 
 

6.1.3   Access control in GitOps

 
 

6.2       Access Limitations

 
 

6.2.1   Git repository access

 
 
 

6.2.2   Kubernetes RBAC

 

6.2.3   Image Registry Access

 
 
 

6.3       Patterns

 
 
 

6.3.1   Full access

 
 
 
 

6.3.2   Deployment Repo Access

 
 
 

6.3.3   Code access only

 
 
 

6.4       Security Concerns

 
 

6.4.1   Prevent Image Pull from Untrusted Registries

 
 

6.4.2   Cluster Level Resources in Git Repository

 
 
 
 

6.5       Summary

 
 