4 Securing Your STAP Deployment

Learn about security considerations for your Oracle Communications Solution Test Automation Platform (STAP) deployment.

Based on the variety of customizations and plugins you have for your Kubernetes platform, you need to consider all possible security risks and have a mitigation plan in place.

General Security Considerations

Consider the following general security guidelines:

  • Because the override values.yaml file for the Helm charts can be stored in versioning systems, it is recommended that you do not use it to save sensitive information, such as application credentials. Instead, use Kubernetes secrets.
  • Use the sample scripts provided with the cloud native toolkit for creating secrets to maintain credentials for various applications, such as Order and Service Management (OSM), Siebel, Billing and Revenue Management (BRM), Service-Oriented Architecture (SOA), Application Integration Architecture (AIA), and Repository Creation Utility (RCU).
  • Use the sample scripts for secrets and store them in a vault that has strong encryption.
  • Secure your Kubernetes secrets by using strong encryption, instead of relying on the default base64 encoding, which is not encryption.
  • Use Kubernetes Role-Based Access Control (RBAC) with a minimum-privileges policy, and restrict kubectl get, list, and watch privileges for secrets, pods, logs, and services.
  • Use Kubernetes RBAC with a minimum-privileges policy, and restrict pods' access to resources, such as secrets and the network.
  • Consider Kubernetes general security guidelines. For details, see the Kubernetes documentation available at: https://kubernetes.io/docs/setup/best-practices/enforcing-pod-security-standards/.
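One way to check the RBAC guidelines above is to audit existing roles for broad read access to secrets, pods, logs, and services. The following is an added example, not part of the STAP toolkit; the role names, namespace, and secret name in the sample are constructed, and treating a rule with resourceNames as acceptably scoped is an assumption of this check.

```python
import json

# Resources and read verbs that the RBAC guideline above says to restrict.
SENSITIVE = {"secrets", "pods", "pods/log", "services"}
READ_VERBS = {"get", "list", "watch"}

def audit_roles(role_list):
    """Return (kind, namespace, name, resource, verbs) per over-broad read grant."""
    findings = []
    for role in role_list.get("items", []):
        meta = role.get("metadata", {})
        for rule in role.get("rules") or []:
            groups = set(rule.get("apiGroups", []))
            resources = set(rule.get("resources", []))
            verbs = set(rule.get("verbs", []))
            # secrets, pods and services live in the core ("") API group.
            if not groups & {"", "*"}:
                continue
            # Assumption of this check: a rule pinned to named objects is scoped.
            if rule.get("resourceNames"):
                continue
            hit_verbs = READ_VERBS if "*" in verbs else verbs & READ_VERBS
            hit_res = SENSITIVE if "*" in resources else resources & SENSITIVE
            if not hit_verbs:
                continue
            for res in sorted(hit_res):
                findings.append((role.get("kind"), meta.get("namespace"),
                                 meta.get("name"), res, tuple(sorted(hit_verbs))))
    return findings

# Constructed sample in the shape of `kubectl get roles,clusterroles -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "stap-wide"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "stap-reader", "namespace": "stap"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
 {"kind": "Role", "metadata": {"name": "stap-scoped", "namespace": "stap"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"],
             "resourceNames": ["stap-db-cred"], "verbs": ["get"]},
            {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch"]}]}
]}
""")

if __name__ == "__main__":
    for kind, ns, name, res, verbs in audit_roles(SAMPLE):
        print(f"{kind} {ns or '(cluster)'}/{name}: {','.join(verbs)} on {res}")
```

To audit a live cluster, load the JSON output of kubectl in place of SAMPLE and review each finding against the bindings that reference the role.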