As a developer of notify, I would like our system to be as secure as possible so that we can maintain a high integrity and reliability rating. Currently our K8s API is public facing which means that it could be susceptible to zero day attacks on k8s administration.
WHY are we building?
We need to improve our security posture
WHAT are we building?
Create a new K8s infrastructure that is private facing. This will also require creating a VPN so that system administrators can connect and administer the system.
VALUE created by our solution
Improved security for GC Notify
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved.
[ ] EKS is not publicly accessible
[ ] System administrators are able to connect to EKS via VPN
[ ] GitHub can still remotely connect to EKS for manifest deployments
Description
As a developer of notify, I would like our system to be as secure as possible so that we can maintain a high integrity and reliability rating. Currently our K8s API is public facing which means that it could be susceptible to zero day attacks on k8s administration.
WHY are we building?
We need to improve our security posture
WHAT are we building?
Create a new K8s infrastructure that is private facing. This will also require creating a VPN so that system administrators can connect and administer the system.
VALUE created by our solution
Improved security for GC Notify
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved.
QA Steps