I have already searched this project's issues to determine if a similar request has already been made.
What new functionality would you like to see?
Currently, we allow any IP to communicate with control plane utilities. We should implement an optional security enhancement that only allows communication from allowlisted IPs.
The allowed IPs should be sourced from (a) a static list defined in IaC, and (b) the user profiles defined in Authentik. This list should be continuously updated.
The following resources should be protected:
- Kubernetes API server
- Vault
- Vault proxy
- Grafana
- Argo Web UI
Perhaps the AWS API should also be protected?
How would you use this new functionality?
This would add additional hardening that would prevent developer credentials from being used outside of their machines.
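An added sketch, not part of the original issue or the project's code, of the merge step the request describes: combine the static IaC list with per-user entries, reject invalid or overly broad ranges, and compute the delta for each periodic sync. The user-object shape, the `allowed_ips` attribute key, the `MIN_PREFIX` limits, and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Broadest prefix accepted from any source (assumed policy, not from the issue).
MIN_PREFIX = {4: 16, 6: 32}

def build_allowlist(static_cidrs, user_profiles, attr="allowed_ips"):
    """Merge both sources into a collapsed allowlist; return (networks, rejected)."""
    candidates = [("static", c) for c in static_cidrs]
    for user in user_profiles:
        # Hypothetical attribute key holding a user's permitted source addresses.
        for entry in user.get("attributes", {}).get(attr, []):
            candidates.append((user["username"], entry))

    accepted, rejected = [], []
    for source, raw in candidates:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/24.
            net = ipaddress.ip_network(str(raw).strip(), strict=True)
        except ValueError:
            rejected.append((source, raw, "not a valid IP or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            # A single 0.0.0.0/0 entry would silently disable the whole control.
            rejected.append((source, raw, "prefix too broad"))
            continue
        accepted.append(net)
    v4 = ipaddress.collapse_addresses(n for n in accepted if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in accepted if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)], rejected

def diff_allowlist(current, desired):
    """Return (to_add, to_remove) so each sync applies only the changes."""
    cur, des = set(current), set(desired)
    return sorted(des - cur), sorted(cur - des)

# Constructed sample inputs (documentation address ranges only).
STATIC = ["198.51.100.0/24", "198.51.100.128/25"]
USERS = [
    {"username": "alice", "attributes": {"allowed_ips": ["203.0.113.7", "0.0.0.0/0"]}},
    {"username": "bob", "attributes": {"allowed_ips": ["203.0.113.6", "not-an-ip"]}},
    {"username": "carol", "attributes": {"allowed_ips": ["2001:db8:1::/48"]}},
    {"username": "dave", "attributes": {}},
]

if __name__ == "__main__":
    desired, rejected = build_allowlist(STATIC, USERS)
    print("allowlist:", desired)
    print("rejected:", rejected)
    print("delta:", diff_allowlist(["198.51.100.0/24", "192.0.2.10/32"], desired))
```

Rejected entries are returned rather than dropped silently so the sync job can alert on them, since a malformed or overly broad profile entry is itself a signal worth reviewing.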