|
1 | 1 | # Security |
2 | 2 |
|
3 | | -We consider the security of the Ingress Controller paramount to the success of our users and use the following to |
4 | | -ensure the security of the Ingress Controller: |
| 3 | +The security of the Ingress Controller is paramount to the success of our Users, and we use the following tools and processes to develop software as securely as possible. |
5 | 4 | * [Secure Development Life Cycle](https://www.microsoft.com/en-us/securityengineering/sdl/) |
6 | | -* [FOSSA](https://fossa.com) scanning |
| 5 | +* [FOSSA](https://fossa.com) for scanning |
7 | 6 |
|
8 | 7 | However, the Ingress Controller is deployed by a User in their environment, and as such, the User takes responsibility |
9 | 8 | for securing a *deployment* of the Ingress Controller. |
10 | | -We highly recommend every User to read and understand the following security concerns. |
| 9 | +We strongly recommend every User read and understand the following security concerns. |
11 | 10 |
|
12 | 11 | ## Kubernetes |
13 | 12 | We recommend the Kubernetes [guide to securing a cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/). |
14 | 13 | In addition, the following relating more specifically to Ingress Controller. |
15 | 14 |
|
16 | 15 | ### RBAC and Service Account |
17 | 16 | The Ingress Controller is deployed within a Kubernetes environment, this environment must be secured. |
18 | | -Kubernetes uses [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to control which types of users |
19 | | -can access which resources and what operations they can perform. |
| 17 | +Kubernetes uses [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to control the resources and operations available to different types of users. |
20 | 18 | The Ingress Controller requires a service account which is configured using RBAC. |
21 | 19 | We strongly recommend using the [RBAC configuration](https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/rbac/rbac.yaml) provided in our standard deployment configuration. |
22 | 20 | It is configured with the least amount of privilege required for the Ingress Controller to work. |
23 | 21 |
|
| 22 | +We strongly recommend inspecting the RBAC configuration (for [manifests installation](https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/rbac/rbac.yaml) |
| 23 | +or for [helm](https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/helm-chart/templates/rbac.yaml)) |
| 24 | +to understand what access the Ingress Controller service account has and to which resources. |
| 25 | +For example, by default the service account has access to all Secret resources in the cluster. |
| 26 | + |
24 | 27 | ### Certificates and Privacy Keys |
25 | 28 | Secrets are required by the Ingress Controller for some configurations. |
26 | 29 | [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) are stored by Kubernetes unencrypted by default. |
27 | | -We highly recommend configuring Kubernetes to store these Secrets encrypted at rest. |
| 30 | +We strongly recommend configuring Kubernetes to store these Secrets encrypted at rest. |
28 | 31 | Kubernetes has [documentation](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) on how to configure this. |
29 | 32 |
|
30 | 33 | ## Ingress Controller |
31 | 34 |
|
32 | 35### Recommended Secure Defaults |
33 | 36 | We recommend the following for the most secure configuration: |
34 | | - * If Prometheus metrics are [enabled](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-prometheus-metrics), |
35 | | - we recommend [configuring HTTPS](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-prometheus-tls-secret) for Prometheus. |
| 37 | + * If Prometheus metrics are [enabled](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-prometheus-metrics), |
| 38 | + we recommend [configuring HTTPS](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-prometheus-tls-secret) for Prometheus. |
36 | 39 |
|
37 | 40 | ### Snippets |
38 | | -[Snippets](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-snippets/) |
39 | | -are a powerful feature which enable the injection of NGINX config. |
| 41 | +[Snippets](/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-snippets/) |
| 42 | +is a powerful feature which enable the injection of NGINX config. |
40 | 43 | This can be useful for a proof of concept or debugging. |
41 | | -Snippets are disabled by default as they can be used to inject malicious config. |
42 | | -We recommend they are not used in production. |
| 44 | +The Snippets feature is disabled by default as it can be used to inject malicious config. |
| 45 | +We recommend it is not used in production. |
0 commit comments