Security

Secure your KubeZero platform with comprehensive security configurations.

Overview

KubeZero implements security best practices by default, providing a secure foundation for your applications.

Security Features

Network Policies for traffic segmentation
Pod Security Standards enforcement
RBAC for access control
Service Mesh for mTLS communication
Secret Management with external secrets operator

Authentication & Authorization

Configure authentication providers:

# OIDC configuration
auth:
  oidc:
    enabled: true
    issuerURL: "https://your-idp.com"
    clientID: "kubezero"
    groupsClaim: "groups"

Network Security

Implement network segmentation:

# Network policy example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

Secret Management

Secure secret handling:

Use external secret operators
Rotate secrets regularly
Implement least privilege access
Audit secret access

Security Scanning

Enable vulnerability scanning:

Container image scanning
Kubernetes configuration scanning
Runtime security monitoring
Compliance reporting

Best Practices

Follow these security best practices:

Enable Pod Security Standards
Use network policies
Implement RBAC
Regular security audits
Keep components updated

Compliance

KubeZero helps with compliance frameworks:

SOC 2
ISO 27001
HIPAA
PCI DSS

For security configuration details, see the security reference.

Overview​

Security Features​

Authentication & Authorization​

Network Security​

Secret Management​

Security Scanning​

Best Practices​

Compliance​