Add Azure Kubernetes Service Approval Accelerator #72

Closed
wants to merge 1 commit into from

Contributor

@tmewett tmewett commented Sep 29, 2020

It no doubt needs some work, so I'm opening for initial review.

I'm not sure what the CSP Access and Dependent Services security domains refer to (they were left blank in the Azure PostgreSQL Accelerator), so I've left them blank.

I also considered adding an Azure Storage Accelerator to move detail to and expand on relevant sections. I may create that and commit it later on.

I can reformat this into a table before merge.

@finos-cla-bot

finos-cla-bot bot commented Sep 29, 2020

Thank you for your contribution and Welcome to our Open Source Community!

To make sure your pull request is accepted successfully, we ask all our open source contributors to sign a Contributor License Agreement.

Having reviewed our contributor list, we require a CLA for the following people : (@tmewett).

If you need help obtaining a CLA, please read the Requirements for Contributions section of our CLA wiki or email help@finos.org with your questions.

Thanks once again for your contribution. Let us work with you to make the CLA process quick, easy and efficient so we can move forward with reviewing and accepting your pull request.

cc @finos-admin

@mcleo-d mcleo-d added this to To do in Compliant Financial Infrastructure via automation Sep 29, 2020
@mcleo-d mcleo-d moved this from To do to In progress in Compliant Financial Infrastructure Sep 29, 2020
@mcleo-d mcleo-d added the azure Items related to Microsoft Azure label Sep 29, 2020
@mcleo-d
Member

mcleo-d commented Sep 29, 2020

Congratulations @tmewett for raising your first Cloud Service Certification pull request and blazing the Azure Kubernetes trail. I have assigned you as the pull request owner and have tagged @peterrhysthomas for review.

🚀 🚀 🚀

You will also notice the FINOS CLA Bot flagging your pull request. I will email you and the CodeThink team separately to get a FINOS CLA signed so we can remove this error.

Great work! 💯 💯 💯

@mcleo-d
Member

mcleo-d commented Oct 6, 2020

Hey @tmewett

Thanks for contributing this pull request 🚀🚀🚀

I have added this PR to the agenda for the next project meeting on 8th October #75 if you're able to attend and introduce to the group?

Speak soon,

James.

@tmewett
Contributor Author

tmewett commented Oct 6, 2020

Hi James, yes I can attend, though I don't have much to add - will be good to get some initial thoughts on it though

Contributor

@alfredtommy alfredtommy left a comment

Hi Tom,

This looks good for now, although I find a few sections lacking.

  1. IP firewall rules: aside from the Azure fw rules, there should be a mention of enforcing network policies/Istio for securing inter-pod communication.

  2. Underlying OS, does not mention what the node's host OS is and if it has been hardened by Azure or not.

  3. There is no mention of cluster networking/cluster access. How to ensure that the cluster and nodes are private, etc.

  4. Encryption of ETCD is not mentioned

  5. Specific minimal permissions to grant in Azure RBAC for accessing the cluster. E.g.: Devs should have role x, admins should have role y.

@mcleo-d
Member

mcleo-d commented Jan 14, 2021

This PR has been superseded by #90 as per the following comment by @TLATER #90 (comment)

@mcleo-d mcleo-d closed this Jan 14, 2021
Compliant Financial Infrastructure automation moved this from In progress to Done Jan 14, 2021
@mcleo-d mcleo-d added the kubernetes Items related to Kubernetes label Feb 12, 2021
Labels
azure Items related to Microsoft Azure help wanted Extra attention is needed kubernetes Items related to Kubernetes ready for review Item ready for review by the wider community
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Azure AKS definition
3 participants