-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update threat model #24760
Update threat model #24760
Conversation
ferozsalam
commented
Apr 5, 2023
- Incorporate feedback on transparent encryption with regards to network attackers
- Add recommended controls for Hubble
- Also some minor formatting tweaks to bring the document in line with our style guide
- Incorporate feedback on transparent encryption with regards to network attackers - Add recommended controls for Hubble Signed-off-by: Feroz Salam <feroz@isovalent.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
| Network data | - Without transparent encryption, an attacker | | ||
| | could inspect traffic between workloads in both | | ||
| | overlay and native routing modes. | | ||
| | - Denial of service could occur depending on the | | ||
| | behavior of the attacker. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! ✨
@@ -725,21 +687,23 @@ Overall Recommendations | |||
To summarize the recommended controls to be used when configuring a | |||
production Kubernetes cluster with Cilium: | |||
|
|||
1. Ensure that Kubernetes roles are scoped correctly to the requirements of your | |||
#. Ensure that Kubernetes roles are scoped correctly to the requirements of your |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good practice on numbering. Have you verified that your local build renders ordered steps correctly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, all looks good to me!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Feroz!
(Completely unrelated: your @isovalent.com email address isn't linked to your GitHub account.)