Mesh security recommendations #7173

Draft
wants to merge 5 commits into
base: main
5 changes: 5 additions & 0 deletions app/_data/docs_nav_mesh_2.6.x.yml
Expand Up @@ -54,6 +54,11 @@ inherit:
- path: [ Kong Mesh in Production, Secure your deployment ]
action: delete
entries: [ Kuma API access control ]
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: 0
text: Security recommendations
url: /production/cp-deployment/security-recommendations
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: -1
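Review bot: The label in `text: Security recommendations` is sentence case, while the new page's front matter has `title: Security Recommendations`. Pick one casing so the sidebar entry and the page heading match; the same applies to the identical entry in the 2.7.x nav file.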
5 changes: 5 additions & 0 deletions app/_data/docs_nav_mesh_2.7.x.yml
Expand Up @@ -59,6 +59,11 @@ inherit:
- path: [ Kong Mesh in Production, Secure your deployment ]
action: delete
entries: [ Kuma API access control ]
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: 0
text: Security recommendations
url: /production/cp-deployment/security-recommendations
- path: [ Kong Mesh in Production, Secure your deployment ]
action: insert
index: -1
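Review bot: The entry inserted at `index: 0` is added to both the 2.6.x and 2.7.x navs, but the new page builds its links from `{{page.release}}` (`/mesh/{{page.release}}/features/rbac/` and `/mesh/{{page.release}}/features/kds-auth/`). Please confirm both targets exist for every release that gets this nav entry, otherwise one release ships the page with broken links.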
@@ -0,0 +1,22 @@
---
title: Security Recommendations
---

{{site.mesh_product_name}} is designed to be secure by default. However, there are additional steps you can take to further secure your deployment.
For a strongly secure and high-availability deployment checkout [Mesh in Konnect](/konnect/mesh-manager/).

## Control Plane

### Access Control

For usability, {{site.mesh_product_name}} control plane API is open by default.
To restrict access to entities and features of the control plane, you can configure [access control policies](/mesh/{{page.release}}/features/rbac/).

### KDS Authentication

In multi-zone deployments, you can enable [KDS authentication](/mesh/{{page.release}}/features/kds-auth/) to secure the communication between the global and zone control planes.

### CORS

By default CORS setup in {{site.mesh_product_name}} is allowing any origin.
You can configure it by setting the [control-plane config](/mesh/{{page.release}}/documentation/configuration): `KUMA_API_SERVER_CORS_ALLOWED_DOMAINS` to a list of domains that are allowed to access the control plane API.
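Review bot: The intro line "designed to be secure by default" is contradicted by the sections under it, which document a control plane API that "is open by default" and a CORS setup "allowing any origin". Suggest rewording the intro to say the defaults favour usability and that the items below should be changed before production. In the CORS section, add a sentence that restricting allowed origins only limits cross-origin requests made from browsers and is not a substitute for the access control policies described above, and state the expected value format for `KUMA_API_SERVER_CORS_ALLOWED_DOMAINS` (the text says "a list of domains" without showing one). Minor: "checkout" in the second intro line should be "check out", and "By default CORS setup ... is allowing any origin" reads better as "By default, the CORS configuration ... allows any origin".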