CNO Secure
Organizations are moving to containers, Kubernetes, and micro-services, but security is a big challenge. Security teams need to understand the threat landscape in this ecosystem and mitigate the security risks associated with Kubernetes adoption.
That is why CNO Secure gives you the tools and processes to integrate cloud-native security without breaking innovation speed.
When you onboard your teams and projects, you can:
- Define fine-tuned access to CNO resources through an IAM strategy
- Scan all images to avoid vulnerabilities in your container images
- Define security policies for your clusters and containerized workloads at a glance
- Meet your security compliance requirements such as CIS, PCI-DSS, NIST, and so on
CNO IAM
CNO IAM is an authorization system that provides fine-grained access management of CNO resources.
You can manage who has access to CNO resources, what they can do with them, and what areas they can access.
In the current release, CNO uses Keycloak to delegate authentication and authorization.
You can integrate your LDAP on-premises server to authenticate your users through the following workflow:
This way, you have deep visibility into your IAM strategy at Organization, Project, or Cluster level.
CNO promotes cross-functional collaboration of your teams by defining the authorization scope for each trade while eliminating the need for deep Kubernetes knowledge.
You can assign built-in roles to your users to fit your needs.
Role Name | Level | Role Description |
---|---|---|
Super-Admin | Organization | The Super-Admins configure the interface. They can integrate all users via IAM, clusters via the Hub, and define tagging and quota policies for the organization. |
Project Owner | Organization | The Project Owners become administrators of their projects. They can create and administer a project, ask for resources (CPU, Memory, Storage), add team members to the project, and link environments across multi-cloud Kubernetes clusters. |
Project Owner+ | Organization | Same as Project Owners, with one exception: Project Owners+ are self-provisioned and do not need validation from the Validator. |
Validators | Organization | They validate resource requests. The Validators receive the resource requests and decide whether or not to accept them. In case of refusal, the Project Owner must reapply. |
Project Admins | Project | They are the project owners. They manage environments, resources, clusters, and day-to-day deployments. |
Developers | Project | They deliver applications. They set up environments and deploy applications. |
Viewers | Project | They monitor results. They can view and monitor KPIs through the project dashboard. |
Scan
Coming soon!
Policy
Coming soon!
Compliance
Coming soon!