CNO Secure

Organizations are moving to containers, Kubernetes, and micro-services, but security is a big challenge. Security teams need to understand the threat landscape in this ecosystem and mitigate the security risks associated with Kubernetes adoption.

That is why CNO Secure gives you the tools and processes to integrate cloud-native security without slowing down innovation.

When you onboard your teams and projects, you can:

  • Define fine-tuned access to CNO resources through an IAM strategy

  • Scan all your container images to avoid vulnerabilities

  • Define security policies for your clusters and containerized workloads at a glance

  • Meet your security compliance requirements such as CIS, PCI-DSS, NIST, and so on.

CNO IAM

CNO IAM is an authorization system that provides fine-grained access management of CNO resources.

You can manage who has access to CNO resources, what they can do with them, and what areas they can access.

In the current release, CNO uses Keycloak to delegate authentication and authorization.

You can integrate your LDAP on-premises server to authenticate your users through the following workflow:

[Figure: LDAP architect process with CNO]

This way, you have deep visibility into your IAM strategy at the Organization, Project, or Cluster level.

CNO promotes cross-functional collaboration across your teams by defining the authorization scope for each job function while eliminating the need for deep Kubernetes knowledge.

You can assign built-in roles to your users to fit your needs.

| Role Name | Level | Role Description |
|---|---|---|
| Super-Admin | Organization | The Super-Admins configure the interface. They can integrate all users via IAM, clusters via the Hub, and define tagging and quota policies for the organization. |
| Project Owner | Organization | The Project Owners become administrators of their projects. They can create and administer a project, ask for resources (CPU, Memory, Storage), add team members to the project, and link environments across multi-cloud Kubernetes clusters. |
| Project Owner+ | Organization | Same as Project Owners except one thing: the Project Owners+ are self-provisioned; they do not need validation from the Validator. |
| Validators | Organization | They validate resource requests. The Validators receive the resource requests and decide whether or not to accept them. In case of refusal, the project owner must reapply. |
| Project Admins | Project | They are the project Owners. They manage environments, resources, clusters, and day-to-day deployments. |
| Developers | Project | They deliver applications. They set up environments and deploy applications. |
| Viewers | Project | They monitor results. They can view and monitor KPIs thanks to the project dashboard. |

Scan

Coming soon!

Policy

Coming soon!

Compliance

Coming soon!


Last update: 2022-07-04