Description
As of right now, the cluster protects basically no secret data. Probably the most valuable thing would be a TLS cert, but even that's not very valuable (easy to revoke).
With this cluster we should be able to detect when something is fishy, maybe with:
- Falco - "Cloud-Native runtime security"
We should also:
- re-review the Vault security guidelines on HashiCorp's website
- review the Kubernetes security guidelines on k8s.io
- do a quick look through what's deployed and make sure there are no obvious holes