Secure your network
Recommendations in securing your network to avoid back-doors and other vulnerabilities.
When securing your network it's important to have a good understanding of the infrastructure services you are using. In this section, we will describe very common infrastructure service providers and how to secure your application within those environments.
Kubernetes
If you have deployed your application on Kubernetes, make sure that there is no direct ingress to your application or microservices, also make sure that the services linked to your application services are of type:
NodePort
, and set toexternalTrafficPolicy: 'local'
Unless you are confident with what you are doing, you should only have one LoadBalancer that is directed to your Ingress and which should redirect every request to the Leza Proxy
Docker compose
If you using Docker Compose to deploy your application or services, ensure you create a private network for your applications, microservices and databases then share that network with the LeZa Proxy
Example:
AWS
If you have deployed your application on AWS, make sure that the security groups linked to your application services and Load Balancers are configured to block any external access with the exception of your Load-balancer and the container that runs your LeZa Proxy.
Google Cloud
We're working on it 🖌️
Azure
We're working on it 🖌️
Digital Ocean
We're working on it 🖌️
Last updated