Implement Mutual TLS (mTLS) for Internal Microservices #175

@elizabetheonoja-art

Description:
This issue hardens the internal network architecture so that it operates on a Zero-Trust security model.
Currently, if an attacker breaches a public-facing pod, they can freely make HTTP requests to internal microservices.
We need to enforce Mutual TLS (mTLS) authentication between all backend pods, workers, and databases.
The core work is configuring a service mesh such as Istio or Linkerd within the Kubernetes cluster.
The service mesh automatically injects sidecar proxies that encrypt and authenticate all internal pod-to-pod traffic.
This guarantees that the Soroban Indexer worker only accepts requests that explicitly originate from the API Gateway.
Write network policies that explicitly drop any raw, unencrypted TCP traffic attempting to reach the internal services.
Ensure database connections use sslmode=verify-full (so the backend pods verify the database's certificate and hostname) and require the backend pods to present valid client certificates.
This neutralizes major vectors for lateral movement within the cluster following an initial perimeter breach.
Verify that the mTLS handshake overhead does not significantly impact the latency of internal microservice communication.
Document the certificate rotation policies handled by the service mesh control plane.
This is critical for ensuring that highly sensitive operations (such as triggering refunds) cannot be spoofed internally.
Ensure Prometheus scraping endpoints are appropriately configured to either bypass or authenticate through the mTLS mesh.
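As an added example (not code from this issue or from the project it belongs to), the following Istio and Kubernetes manifests implement the steps above in one place: mesh-wide STRICT mTLS, a workload-level exception for the Prometheus metrics port, an AuthorizationPolicy that admits only the API Gateway's mesh identity to the indexer, a NetworkPolicy as a layer below the mesh, and the libpq environment that enforces verify-full plus a client certificate. The namespaces (`gateway`, `backend`, `monitoring`), the `api-gateway` service account, the pod labels, ports 8080 and 9100, the image and the Secret name are all assumptions.

```yaml
# Added example, not the project's own manifests. Names and ports are assumed.
---
# 1. Mesh-wide: every sidecar rejects plaintext and accepts only mTLS peers.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system        # root namespace, so this is the mesh default
spec:
  mtls:
    mode: STRICT
---
# 2. Indexer override: STRICT on application ports, but allow Prometheus to
#    scrape the metrics port without a client certificate.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: soroban-indexer
  namespace: backend
spec:
  selector:
    matchLabels: {app: soroban-indexer}
  mtls:
    mode: STRICT
  portLevelMtls:
    9100:                        # assumed metrics port
      mode: PERMISSIVE
---
# 3. Only the API Gateway identity may call the indexer. Istio takes the
#    SPIFFE principal from the client certificate in the mTLS handshake,
#    so a spoofed source IP cannot satisfy this rule.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: indexer-allow-gateway-only
  namespace: backend
spec:
  selector:
    matchLabels: {app: soroban-indexer}
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/gateway/sa/api-gateway"]
    to:
    - operation:
        ports: ["8080"]
---
# 4. Below the mesh: drop all other ingress to the indexer at the CNI level.
#    Requires a NetworkPolicy-enforcing CNI (e.g. Calico or Cilium).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: indexer-ingress
  namespace: backend
spec:
  podSelector:
    matchLabels: {app: soroban-indexer}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels: {kubernetes.io/metadata.name: gateway}
    ports:
    - {protocol: TCP, port: 8080}
  - from:
    - namespaceSelector:
        matchLabels: {kubernetes.io/metadata.name: monitoring}
      podSelector:
        matchLabels: {app.kubernetes.io/name: prometheus}
    ports:
    - {protocol: TCP, port: 9100}
---
# 5. Backend pod: libpq verifies the database certificate and hostname
#    (verify-full) and presents its own client certificate from a Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-backend
  namespace: backend
spec:
  selector:
    matchLabels: {app: api-backend}
  template:
    metadata:
      labels: {app: api-backend}
    spec:
      serviceAccountName: api-backend
      containers:
      - name: api
        image: example.invalid/api-backend:latest   # placeholder image
        env:
        - {name: PGSSLMODE, value: verify-full}
        - {name: PGSSLROOTCERT, value: /etc/pg-tls/ca.crt}
        - {name: PGSSLCERT, value: /etc/pg-tls/tls.crt}   # client certificate
        - {name: PGSSLKEY, value: /etc/pg-tls/tls.key}    # libpq needs 0600 or stricter
        volumeMounts:
        - {name: pg-tls, mountPath: /etc/pg-tls, readOnly: true}
      volumes:
      - name: pg-tls
        secret:
          secretName: api-backend-pg-client-cert   # assumed Secret name
          defaultMode: 0400
```

Two points worth checking when applying this pattern: `sslmode=verify-full` on its own only makes the pod verify the database; the database must separately demand the client certificate, which for PostgreSQL means a `hostssl ... clientcert=verify-full` line in `pg_hba.conf`. And the AuthorizationPolicy is what ties the indexer to the gateway's identity; the NetworkPolicy only narrows where packets may come from, so both layers are needed to meet the "lateral movement structurally blocked" criterion.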

Acceptance 1: The internal cluster network operates on a strict Zero-Trust architectural model.
Acceptance 2: All pod-to-pod communication is cryptographically encrypted and mutually authenticated.
Acceptance 3: Lateral movement by an attacker is structurally blocked by network policies and sidecar proxies.

Labels: security, infrastructure, architecture

Label: Stellar Wave (Issues in the Stellar wave program)