Security principles and gatekeeping for the placement-controller.
- Zero Trust: All external services authenticated
- Least Privilege: Agents have minimal permissions
- Secrets Management: All secrets in secure storage
- Audit Trail: All actions logged
- Service account tokens
- RBAC for least privilege
- mTLS for service-to-service
- API keys for zone communication
- Token rotation every 24 hours
- Mutual TLS for cross-zone calls
```yaml
# Agent RBAC
rules:
- apiGroups: [""]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["dcp.hiro.io"]
  resources: ["*"]
  verbs: ["get", "list", "watch", "patch"]
```

- Zone-specific tokens
- Limited to required resources
- No cross-zone impersonation
- Kubernetes Secrets
- Encrypted at rest
- Rotation managed by operators
```
# Never log secrets
# Mask in all output
# Inject via environment
```

- Action execution
- State transitions
- API calls
- Configuration changes
```json
{
  "timestamp": "ISO8601",
  "action_type": "GetType",
  "application": "ns/name",
  "zone": "zone1",
  "success": true
}
```

- Scans for secrets in code
- Vulnerability checking
- SBOM generation
- Non-root containers
- Read-only filesystem
- Network policies
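The audit record schema above and the "never log secrets / mask in all output / inject via environment" rules can be enforced in one place. The following is an added example, not code from the placement-controller project: it builds audit entries in the page's schema and masks both secret-named keys and the values of environment-injected secrets before anything is serialized. The `details` field, the key-name pattern and the sample variable names are assumptions for this example.

```python
import json
import os
import re
from datetime import datetime, timezone

# Assumed pattern for key/variable names that carry a credential.
SECRET_KEY_RE = re.compile(r"(token|secret|password|api[_-]?key)", re.IGNORECASE)
MASK = "***"


def env_secret_values(environ=None):
    """Collect values of secret-looking environment variables (the injected
    secrets) so they can be masked wherever they show up in log output."""
    environ = os.environ if environ is None else environ
    return {v for k, v in environ.items() if SECRET_KEY_RE.search(k) and v}


def mask(obj, secret_values=frozenset()):
    """Recursively mask secret-named keys and any known secret value in strings."""
    if isinstance(obj, dict):
        return {k: (MASK if SECRET_KEY_RE.search(k) else mask(v, secret_values))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [mask(v, secret_values) for v in obj]
    if isinstance(obj, str):
        # Longest values first so a prefix of one secret never leaks another.
        for s in sorted(secret_values, key=len, reverse=True):
            obj = obj.replace(s, MASK)
    return obj


def audit_entry(action_type, application, zone, success,
                details=None, secret_values=frozenset(), now=None):
    """Build one audit record in the page's schema. 'details' is an optional
    extra field assumed here; it always passes through mask() before storage."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    entry = {
        "timestamp": ts,          # ISO8601, UTC
        "action_type": action_type,
        "application": application,  # "ns/name"
        "zone": zone,
        "success": success,
    }
    if details is not None:
        entry["details"] = mask(details, secret_values)
    return entry


def render(entry):
    """Serialize an entry as a single JSON line for the audit log."""
    return json.dumps(entry, sort_keys=True)
```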
Auto-generated from security requirements