Underlying infrastructure

Gloo Platform runs on Kubernetes platforms, which in turn run on underlying infrastructure such as on-prem hardware or cloud providers. The infrastructure provider for the clusters in your service mesh can affect the security posture of the apps that run in your cluster. Review general guidelines for maintaining your environment to work securely with Gloo, and consult your infrastructure provider for more information.

Cluster details: Review the System requirements for cluster details such as node sizing and number of clusters. Consult your infrastructure provider for more security features, such as the following.

Networking: Review the System requirements for networking details such as required port and repository access for firewalls. Consult your infrastructure provider for more security features, such as the following.

Load balancers: Kubernetes LoadBalancer and Ingress services are typically backed by a separate load balancer in your infrastructure provider.

High availability and disaster recovery: Your infrastructure provider might offer HA/DR features for the servers, load balancers, or other infrastructure tools that you use. For example, creating your cluster with nodes that are spread across multiple zones can increase the availability of your apps.

Certificate, key, and other encryption management services: Your infrastructure provider might provide tools to manage the encryption of Kubernetes secrets, CA certificates, and other resources that your apps use to secure their data.

Logging and monitoring: To help keep your environment secure, set up a plan to log and monitor not only your apps and service mesh traffic, but also your infrastructure resources.