We deploy Atlan using Kubernetes in an Atlan-managed VPC (virtual private cloud).
Network access to the control plane
We restrict access to the Kubernetes control plane by IP address to cluster administrators. We deny public internet access to the control plane.
Network access to nodes
Nodes are configured, via network access control lists, to accept connections only:
- from the control plane on the specified ports
- for services in Kubernetes of type NodePort and LoadBalancer
Each component of the Kubernetes cluster has security measures configured. These security measures are at the following levels:
- Cluster security
- Node security
- Pod security
- Container security
- Network security
- Code security
- Secret management
- Data encryption in transit