Security
Worker Access token
jadice flow uses a security token to manage access to workers. The security token must be specified in the server-side configuration files.
To obtain a token, please consult jadice-support@levigo.de.
We are currently investigating options to provide a token self-service for legitimate users. Stay tuned!
SSL
Communication between a client application and jadice flow can be secured via HTTPS/SSL over nginx.
Communication within a jadice flow Kubernetes cluster is supposed to be secure.
Jadice flow controller
The jadice flow controller can be configured to use Keycloak for authorization. See Keycloak.
Seccomp
All flow bundles are shipped with a default seccomp profile, RuntimeDefault, that is applied to the controller, eureka and worker pods. This profile is designed to enhance security by restricting the system calls that the containers can make.
If your deployment requires a custom seccomp profile (even though it is not recommended), you can specify it in the values.yaml file under the definitions section:
definitions:
  securityContext: &templateSecurityContext
    seccompProfile:
      type: RuntimeDefault
The RuntimeDefault profile is a good balance between security and functionality for most use cases.
However, it is also possible to use your own custom seccomp profile by specifying type: Localhost and providing the path to your profile in the values.yaml file. Keep in mind that this approach requires additional setup and maintenance, and it is generally not recommended unless absolutely necessary.
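To confirm which seccomp profile each container ends up with after a deployment, the pod specs can be audited. The script below is an added example, not part of jadice flow; it reads data shaped like the output of `kubectl get pods -o json`, and the pod names and the profile path in the sample are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get pods -o json`; pod names are made up.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "controller-0"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "controller"}]}},
 {"metadata": {"name": "worker-0"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "worker", "securityContext":
                           {"seccompProfile": {"type": "Unconfined"}}}]}},
 {"metadata": {"name": "eureka-0"}, "spec": {"containers": [{"name": "eureka"}]}},
 {"metadata": {"name": "worker-1"},
  "spec": {"containers": [{"name": "worker", "securityContext": {"seccompProfile":
           {"type": "Localhost", "localhostProfile": "profiles/custom.json"}}}]}}
]}""")


def effective_profile(pod_spec, container):
    """Return the seccompProfile in force: container-level overrides pod-level."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        profile = (ctx or {}).get("seccompProfile")
        if profile:
            return profile
    return None


def audit(pod_list):
    """Return (pod, container, finding) for each container not on RuntimeDefault."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            profile = effective_profile(spec, c)
            if profile is None:
                finding = "no seccompProfile set"
            elif profile.get("type") == "RuntimeDefault":
                continue
            elif profile.get("type") == "Localhost":
                finding = "Localhost:" + profile.get("localhostProfile", "<no path>")
            else:
                finding = "type=" + str(profile.get("type"))
            findings.append((pod["metadata"]["name"], c["name"], finding))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

With the default bundle configuration the audit should return no findings; a Localhost entry is expected only where a custom profile was deliberately configured.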