The security of the Ingress Controller is paramount to the success of our Users, however, the Ingress Controller is deployed by a User in their environment, and as such, the User takes responsibility for securing a deployment of the Ingress Controller. We strongly recommend every User read and understand the following security concerns.
We recommend the Kubernetes guide to securing a cluster. In addition, the following relating more specifically to Ingress Controller.
The Ingress Controller is deployed within a Kubernetes environment, this environment must be secured. Kubernetes uses RBAC to control the resources and operations available to different types of users. The Ingress Controller requires a service account which is configured using RBAC. We strongly recommend using the RBAC configuration provided in our standard deployment configuration. It is configured with the least amount of privilege required for the Ingress Controller to work.
We strongly recommend inspecting the RBAC configuration (for manifests installation or for helm) to understand what access the Ingress Controller service account has and to which resources. For example, by default the service account has access to all Secret resources in the cluster.
Secrets are required by the Ingress Controller for some configurations. Secrets are stored by Kubernetes unencrypted by default. We strongly recommend configuring Kubernetes to store these Secrets encrypted at rest. Kubernetes has documentation on how to configure this.
We recommend the following for the most secure configuration:
Snippets Snippets will be disabled by default in the future. Be sure to understand the implications of configurations you provide through the Snippets capability.