Highly Secure Infrastructure

Created with Sketch.

Running on Kubernetes and in containers

  • Immutable infrastructure philosophy

Everything expressed via configuration or code

  • Nothing is manually done

  • This facilitates repeatability, auditability, and consistency

Very strict rules on everything

  • Very restrictive AWS IAM roles and permissions on all nodes

  • AWS Cloud trails and Flow Logs are enabled and monitored in real time

  • User access and controls
    • Usually means no read/write access to secrets

  • Deployment bot access and controls to exactly what it needs to do its jobs
    • No read access to secrets

  • Pod rights and permission to access resources to only exactly what it needs

  • Secrets are encrypted at rest

  • Strict network access rules on inter-pod and inbound/outbound access
    • IP and port level access

  • And to end encryption for all microservices
    • All network communication will be encrypted into and inside the cluster, even for service to service interactions
    • Easy key rotation
    • Microservice mesh networking
    • Deep analytics and visibility on inbound and microservice interactions
    • Containers
      • Never run as root
      • Built with least amount of packages installed
      • Repeatable/automated process for building/testing/deploying

CI/CD

  • Automated deployments of everything

  • No human should be configuring or deploying anything into the cluster

  • This gives you complete programmatic control of the cluster and what runs inside of it

  • Everything that happens is auditable by the code because there are no manual steps

  • Segmentation of duties based on roles and servers

Logging & Monitoring

Created with Sketch.
  • Cluster Nodes

  • Pods

  • Kubernetes Audit Logs (logging only)

Alerting

Created with Sketch.
  • Searchlight alerting

  • Alerts and actionable insights

  • Destinations:
    • Slack
    • Hipchat
    • Pagerduty

Network

Created with Sketch.
  • Continuous auditing of inbound/outbound access

  • Matching network traffic to known threat list for attacks and bad actors

  • Anomaly detection

Chatbots

Created with Sketch.
  • Interaction with the cluster via Slack
    • Slack
    • Hipchat
    • Pagerduty

  • Initiate batch jobs

Multiple Cluster

Created with Sketch.

To support a dev/stage/prod workflow

Multi-Region Deployments

Created with Sketch.
  • Redundancy or active/active deployments

  • Serve worldwide traffic

Supported Software