1/2/2023

Controlplane github

Note: Diagram to be updated to be generalized to any Cloud Provider (Issue #3).

This is not an account-to-account trust (such a broad trust is likely to introduce a design flaw that would allow elevation of privilege). This trust is granular, meaning that a specific Principal Entity in the trusting account trusts a specific Principal Entity in the trusted account. Trust is delegated from a Principal Entity in a trusting account to a Principal Entity in the trusted account.

Ensuring node image (kindest/node:v1.17.0)
Preparing nodes
Writing configuration
Starting control-plane
Installing CNI
Installing StorageClass
Joining worker nodes
Set kubectl context to 'kind-kind'
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Have a.

Image 1: Control Plane to Target(s) Relationship

Minimal Long-Term credentials exist (only enough to seed access to the backup control plane), and these credentials are stored securely for 'break-glass' scenarios. Human access is brokered with MFA, and app access via Long-Term Credentials implements compensating controls.

An enhanced Control Plane pattern includes a second backup or recovery control plane, and each of the target accounts also has a trust relationship with the backup control plane. Long-Term Credentials associated with Users are routinely in use in the primary control plane.

The basic Control Plane pattern has a single or primary control plane and one or more target accounts that have a trust relationship with the control plane.

The Control Plane pattern allows for relative ease of use while balancing security needs such as blast radius containment, minimal attack surface, privileged access management, and least privilege.