Applications
Your app design, container platform, and underlying infrastructure provider all impact the security posture of your apps. Review the following recommendations and best practices for developing apps in your Gloo Network environment.
App design and deployment
The following general practices can help you deploy your apps securely.
- Follow the twelve-factor app methodology to guide your microservice development.
- Review the security concepts for your container orchestration platform, such as Kubernetes or OpenShift.
- Search for provider-specific app development guides, such as those for IBM Cloud, that can help you connect the best practices for app design with the tools that the infrastructure provider offers.
- Store your Gloo and application configuration files in a configuration management system, such as Git, that is integrated into a DevOps pipeline.
For example, you might use those guides to make sure that your app deployment includes the following capabilities.
- ✅ Has multiple replicas for high availability
- ✅ Spreads across availability zones for resiliency
- ✅ Runs on machines that are optimized for the workload
- ✅ Runs in isolation from other workloads, such as in separate namespaces
- ✅ Reschedules gracefully in case of unexpected failure, such as with liveness probes, readiness probes, and pod disruption budgets
- ✅ Saves sensitive data in secrets or encrypted storage
- ✅ Automates configuration updates and rolling upgrades
- ❌ Does not run with outdated or insecure images or versions
- ❌ Does not take up too many resources, which you prevent by setting resource requests and limits
- ❌ Does not use personally identifiable information as part of its names or other non-secure areas
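The following added example is not part of the Gloo documentation. It checks a Kubernetes Deployment manifest, loaded as a Python dict, against several items of the checklist above: replicas, zone spread, namespace isolation, probes, resource requests and limits, pinned images, and secrets. The sample manifests, the `web` app, and the heuristics for sensitive variable names and unpinned images are assumptions.

```python
SENSITIVE = ("PASSWORD", "TOKEN", "SECRET", "KEY")  # assumed env-name heuristic
ZONE_KEY = "topology.kubernetes.io/zone"  # well-known Kubernetes zone label

def audit_deployment(dep):
    """Return checklist findings for a Deployment manifest given as a dict."""
    findings = []
    spec = dep.get("spec", {})
    pod = spec.get("template", {}).get("spec", {})
    if spec.get("replicas", 1) < 2:
        findings.append("fewer than 2 replicas")
    if dep.get("metadata", {}).get("namespace", "default") == "default":
        findings.append("runs in the default namespace")
    spreads = pod.get("topologySpreadConstraints", [])
    if not any(s.get("topologyKey") == ZONE_KEY for s in spreads):
        findings.append("no spread across availability zones")
    for c in pod.get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        # Look for the tag only after the last "/", so a registry port is not read as a tag.
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image not pinned to a version or digest")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        for kind in ("requests", "limits"):
            if not c.get("resources", {}).get(kind):
                findings.append(f"{name}: no resource {kind}")
        for env in c.get("env", []):
            if "value" in env and any(k in env["name"].upper() for k in SENSITIVE):
                findings.append(f"{name}: {env['name']} is a literal, use secretKeyRef")
    return findings

# Constructed sample manifests (hypothetical app "web"), not taken from the Gloo docs.
WEAK = {"metadata": {"name": "web"}, "spec": {"replicas": 1, "template": {"spec": {
    "containers": [{"name": "web", "image": "registry.example.com:5000/web",
                    "env": [{"name": "DB_PASSWORD", "value": "changeme"}]}]}}}}
HARDENED = {"metadata": {"name": "web", "namespace": "shop"}, "spec": {"replicas": 3,
    "template": {"spec": {
        "topologySpreadConstraints": [{"topologyKey": ZONE_KEY, "maxSkew": 1,
                                       "whenUnsatisfiable": "DoNotSchedule"}],
        "containers": [{"name": "web", "image": "registry.example.com:5000/web:1.4.2",
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}},
            "env": [{"name": "DB_PASSWORD", "valueFrom": {
                "secretKeyRef": {"name": "web-db", "key": "password"}}}]}]}}}}

if __name__ == "__main__":
    print(audit_deployment(WEAK), audit_deployment(HARDENED))
```

The check does not cover pod disruption budgets, node selection, or names that contain personally identifiable information; those items need review against your own cluster and naming rules.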
App traffic
See Network traffic for more information.
Logging and monitoring
Review the network traffic in your cluster with the built-in logging and monitoring tools.
- Network metrics: Gloo includes a built-in Prometheus server that collects metrics from the workloads in your cluster. With metrics, you can review the packets that were successfully forwarded to a destination or dropped.
- Gloo UI: Monitor the health of your Gloo Network resources and review workspace, networking, and policy configurations with the Gloo UI. The Gloo UI is automatically installed with Gloo Network.
This data can help you monitor the health and performance of your apps, find bottlenecks, or troubleshoot issues. In particular, you might use this data to improve the following aspects of your app:
- Kubernetes resource requests and limits, replicas, and scheduling to improve pod performance.
- Gloo Network policies.