
Claudie Hardening

This section describes how to further harden the default deployment of claudie.

Passwords

When deploying the default manifests, claudie uses simple passwords for MongoDB, DynamoDB and MinIO.

You can find the passwords at these paths:

manifests/claudie/mongo/secrets
manifests/claudie/minio/secrets
manifests/claudie/dynamo/secrets

It is highly recommended that you change these passwords to more secure ones.

Network Policies

The default deployment of claudie comes without any network policies because, depending on the CNI used on the Management cluster, network policies may not be fully supported.

We have a set of network policies pre-defined that can be found in:

manifests/network-policies

Currently, we have a Cilium-specific network policy that uses CiliumNetworkPolicy, and another that uses NetworkPolicy, which should be supported by most network plugins.

To install the network policies, execute one of the following commands:

# for clusters using cilium as their CNI
kubectl apply -f https://github.com/berops/claudie/releases/latest/download/network-policy-cilium.yaml
# other
kubectl apply -f https://github.com/berops/claudie/releases/latest/download/network-policy.yaml
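
An added example (not part of the claudie project or its documentation): a shell helper that chooses between the two manifests above by checking whether the CiliumNetworkPolicy CRD is registered, validates the manifest with a server-side dry run, applies it, and lists the resulting policies. The function names are hypothetical; `ciliumnetworkpolicies.cilium.io` is the CRD name that Cilium registers.

```shell
# Added example: pick, validate and apply the network-policy manifest matching the CNI.
# Function names are hypothetical; the URLs are the two given on this page.
BASE_URL="https://github.com/berops/claudie/releases/latest/download"

# Returns 0 when the CiliumNetworkPolicy CRD exists in the management cluster.
has_cilium_crd() {
    kubectl get crd ciliumnetworkpolicies.cilium.io >/dev/null 2>&1
}

# Prints the manifest URL that matches the detected CNI.
policy_url() {
    if has_cilium_crd; then
        echo "${BASE_URL}/network-policy-cilium.yaml"
    else
        echo "${BASE_URL}/network-policy.yaml"
    fi
}

# Prints the resource kind to list afterwards, so the result can be checked.
policy_kind() {
    if has_cilium_crd; then
        echo "ciliumnetworkpolicies.cilium.io"
    else
        echo "networkpolicies.networking.k8s.io"
    fi
}

# Dry-run against the API server first (catches schema and admission errors
# without changing the cluster), then apply, then list what now exists.
# The chain stops at the first failing step and returns its exit status.
apply_policies() {
    kubectl apply --dry-run=server -f "$(policy_url)" &&
    kubectl apply -f "$(policy_url)" &&
    kubectl get "$(policy_kind)" --all-namespaces
}

# Usage: source this file in a shell with access to the management cluster,
# then run: apply_policies
```

The API server stores NetworkPolicy objects even when the installed CNI does not enforce them, so a successful apply and a populated listing do not by themselves show that traffic is being filtered.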