Skip to content

Commit

Permalink
feat(mesh): add security recommendation page
Browse files Browse the repository at this point in the history 
Signed-off-by: Charly Molter <[email protected]>
  • Loading branch information
@lahabana
lahabana committed Apr 4, 2024
1 parent f905c88 commit 34a0d7b
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 0 deletions.
5 changes: 5 additions & 0 deletions app/_data/docs_nav_mesh_2.6.x.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,11 @@ inherit:
- path: [ Kong Mesh in Production, Secure your deployment, Kuma API access control ]
action: modify
text: Kong Mesh API access control
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: 0
text: Security recommendations
url: /production/cp-deployment/security-recommendations
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: -1
Expand Down
5 changes: 5 additions & 0 deletions app/_data/docs_nav_mesh_2.7.x.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,11 @@ inherit:
- path: [ Kong Mesh in Production, Secure your deployment, Kuma API access control ]
action: modify
text: Kong Mesh API access control
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: 0
text: Security recommendations
url: /production/cp-deployment/security-recommendations
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: -1
Expand Down
22 changes: 22 additions & 0 deletions app/_src/mesh/production/cp-deployment/security-recommendations.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
title: Security Recommendations
---

{{site.mesh_product_name}} is designed to be secure by default. However, there are additional steps you can take to further secure your deployment.
For a strongly secure and high-availability deployment checkout [Mesh in Konnect](https://docs.konghq.com/konnect/mesh-manager/).

Check failure on line 6 in app/_src/mesh/production/cp-deployment/security-recommendations.md

View workflow job for this annotation

GitHub Actions / Vale 

[vale] reported by reviewdog 🐶
[kong.Relativeurls] Use relative URLs for docs URLs. For example, use [Get Started](/gateway/latest/get-started/) instead of [Get Started](https://docs.konghq.com/gateway/3.3.x/get-started/). If a direct URL is necessary, use {{ site.links.web }} instead of `https://docs.konghq.com`.

Raw Output:
{"message": "[kong.Relativeurls] Use relative URLs for docs URLs. For example, use [Get Started](/gateway/latest/get-started/) instead of [Get Started](https://docs.konghq.com/gateway/3.3.x/get-started/). If a direct URL is necessary, use {{ site.links.web }} instead of `https://docs.konghq.com`.", "location": {"path": "app/_src/mesh/production/cp-deployment/security-recommendations.md", "range": {"start": {"line": 6, "column": 65}}}, "severity": "ERROR"}

## Control Plane

### Access Control

For usability, {{site.mesh_product_name}} control plane API is open by default.
To restrict access to entities and features of the control plane, you can configure [access control policies](/mesh/{{page.release}}/features/rbac/).

### KDS Authentication

In multi-zone deployments, you can enable [KDS authentication](/mesh/{{page.release}}/features/kds-auth/) to secure the communication between the global and zone control planes.

### CORS

By default CORS setup in {{site.mesh_product_name}} is allowing any origin.
You can configure it by setting the control-plane config: `KUMA_API_SERVER_CORS_ALLOWED_DOMAINS` to a list of domains that are allowed to access the control plane API.

0 comments on commit 34a0d7b

Please sign in to comment.