An overview of the Aporeto solution used to implement the Zero-Trust security model on the OpenShift platform.
The Aporeto SDN has been replaced with the OpenShift 4 built-in SDN capability in all clusters of the BC Gov's OpenShift 4.x Platform. Teams should now be using Kubernetes Network Policies instead of Aporeto Network Security Policies to implement network security in their namespaces. This page is now ARCHIVED.
The Aporeto solution is a multi-cluster, multi-cloud zero-trust network solution that denies all traffic from all processing units until explicitly allowed. For the purpose of the OpenShift environment, a "Pod" is considered a "Processing Unit". This solution creates an "identity" for each processing unit, which allows for much more granular access control policies than a simple network address does.
Users with appropriate permissions can sign in to the Aporeto Console UI with the following details:
- URL: https://console.aporeto.com
- Select the sign in options (three dots) and select Sign in with OIDC
- Namespace: /bcgov
- Provider: oidc
☝️ Note
The DevOps Security team is currently working on enabling access to the Aporeto Console UI for the platform applications. Stay tuned.
- Aporeto Links
- People
- BCDevOps Security Team
- Architecture Documents
- Build & Deploy Documents
- Production Rollout Plan
- Developer Documentation
- Administration Documents
- Design Patterns
Please see the support datasheet here for Aporeto product support.
- The following teams are able to contact Aporeto for support:
- DXC
- DevOps Platform-Services Team
Please use GitHub issues in this repo with the "security/aporeto" label.