Security
This document should cover the current status of security measures.
Helm Chart Trust Chain
Helm charts are signed and validated against GPG keys in helmfile/files/gpg-pubkeys.
For more details on Chart validation, please visit: https://helm.sh/docs/topics/provenance/
All charts except the ones mentioned below are verifiable:
Repository | Verifiable |
---|---|
open-xchange-repo | no |
Kubernetes Security Enforcements
This list gives you an overview of default security settings and whether they comply with security standards:
⟶ Visit our generated detailed Security Context overview.
NetworkPolicies
Kubernetes NetworkPolicies are an essential measure to secure your Kubernetes apps and clusters. When applied, they restrict the traffic to your services. This protects other deployments in your cluster or other services in your deployment from getting compromised when one component is compromised.
We ship a default set of Otterize ClientIntents via the Otterize intents operator, which translates intent-based access control (IBAC) into Kubernetes-native NetworkPolicies.
This requires the Otterize intents operator to be installed.
```yaml
security:
  otterizeIntents:
    enabled: true
```
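To make the intent-to-policy translation concrete, here is an added illustration that is not taken from the shipped charts: one ClientIntents resource and a hand-written NetworkPolicy with the effect it stands for. The workload names `webmail` and `mail-backend`, the namespace and the pod labels are hypothetical, the `k8s.otterize.com/v1alpha3` schema is an assumption, and the policies the operator actually generates will differ in names and labels.

```yaml
# Intent: the hypothetical workload "webmail" declares that it calls "mail-backend".
apiVersion: k8s.otterize.com/v1alpha3   # assumed API version; check the CRD installed in your cluster
kind: ClientIntents
metadata:
  name: webmail
  namespace: example-namespace          # hypothetical namespace
spec:
  service:
    name: webmail                       # the client workload making the calls
  calls:
    - name: mail-backend                # the server this client declares it needs to reach
---
# Hand-written NetworkPolicy showing the effect of the intent above.
# It is not the operator's literal output.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-webmail-to-mail-backend   # hypothetical name
  namespace: example-namespace
spec:
  # Selecting the server pods makes them "isolated" for ingress:
  # only traffic matched by an ingress rule in some policy is accepted.
  podSelector:
    matchLabels:
      app: mail-backend                 # hypothetical label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: webmail              # hypothetical label; only the declared client is allowed
```

Pods that no NetworkPolicy selects stay reachable from everywhere, so after enabling the setting it is worth checking with `kubectl get clientintents,networkpolicies -n <namespace>` that every service you expect to be protected is covered by a policy.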