|
| 1 | +# Security |
| 2 | + |
| 3 | +We consider the security of the Ingress Controller paramount to the success of our users and use the following to |
| 4 | +ensure the security of the Ingress Controller: |
| 5 | +* [Secure Development Life Cycle](https://www.microsoft.com/en-us/securityengineering/sdl/) |
| 6 | +* [FOSSA](https://fossa.com) scanning |
| 7 | + |
| 8 | +However, the Ingress Controller is deployed by a User in their environment, and as such, the User takes responsibility |
| 9 | +for securing a *deployment* of the Ingress Controller. |
| 10 | +We highly recommend every User to read and understand the following security concerns. |
| 11 | + |
| 12 | +## Kubernetes |
| 13 | +We recommend the Kubernetes [guide to securing a cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/). |
| 14 | +In addition, the following relating more specifically to Ingress Controller. |
| 15 | + |
| 16 | +### RBAC and Service Account |
| 17 | +The Ingress Controller is deployed within a Kubernetes environment, this environment must be secured. |
| 18 | +Kubernetes uses [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to control which types of users |
| 19 | +can access which resources and what operations they can perform. |
| 20 | +The Ingress Controller requires a service account which is configured using RBAC. |
| 21 | +We strongly recommend using the [RBAC configuration](https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/rbac/rbac.yaml) provided in our standard deployment configuration. |
| 22 | +It is configured with the least amount of privilege required for the Ingress Controller to work. |
| 23 | + |
| 24 | +### Certificates and Privacy Keys |
| 25 | +Secrets are required by the Ingress Controller for some configurations. |
| 26 | +[Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) are stored by Kubernetes unencrypted by default. |
| 27 | +We highly recommend configuring Kubernetes to store these Secrets encrypted at rest. |
| 28 | +Kubernetes has [documentation](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) on how to configure this. |
| 29 | + |
| 30 | +## Ingress Controller |
| 31 | + |
| 32 | +### Recommended Secure Defaults |
| 33 | +We recommend the following for the most secure configuration: |
| 34 | + * If Prometheus metrics are [enabled](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-prometheus-metrics), |
| 35 | + we recommend [configuring HTTPS](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-prometheus-tls-secret) for Prometheus. |
| 36 | + |
| 37 | +### Snippets |
| 38 | +[Snippets](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-snippets/) |
| 39 | +are a powerful feature which enable the injection of NGINX config. |
| 40 | +This can be useful for a proof of concept or debugging. |
| 41 | +Snippets are disabled by default as they can be used to inject malicious config. |
| 42 | +We recommend they are not used in production. |
0 commit comments