The ObjectScale appliance inherits all the security strengths offered by a Kubernetes environment. In addition, it implements the following security options, as recommended by Kubernetes:
- Hardening the Kubernetes deployment by allowing access only through published endpoints
- Enumerating every resource, whether it is a system or custom resource, and securing it with role-based access control (RBAC)
- Logging from each system component, including event generation and event collection through daemon sets
- Using Linux capabilities as permission sets for code that runs in the containers, so there is no undetected or uncontrolled access to the host
- Securing all external and internal connectivity using proxies and TLS for external-facing connections
- Using service accounts specific to applications, so that the privileges with which applications run are contained and isolated
- Securing permissions on individual operations and on access to resources to prevent unauthorized access