Docs

Docs

Security Considerations

Security best practices for Control Center.

Control Center is a powerful tool that simplifies the management of Vaadin applications on Kubernetes clusters. However, it’s essential to consider security when deploying and using Control Center. This page outlines the security implications of using the software.

Config Map and Secrets Access Policy

Control Center uses config maps and secrets to store configuration data and sensitive information, such as database credentials and API keys. It’s crucial to secure these resources to prevent unauthorized access. Applications deployed by Control Center also use config maps to store deployment-specific data.

Control Center is only allowed access to config maps and secrets within the dedicated namespace created during installation. It won’t have access to resources outside of this namespace.

Applications deployed by Control Center only have access to the config maps created for them by Control Center. They don’t have access to other config maps or secrets in the same namespace or in the cluster. This means you can be sure that applications deployed by Control Center cannot access sensitive information from other applications or services.

Control Center Starter

Adding the Control Center starter dependency to your application allows it to be managed by Control Center. It also introduces the following security considerations:

Actuator Endpoints

An actuator endpoint is a public HTTP endpoint that provides information about the application’s health, metrics, and other operational data. The Control Center starter exposes three endpoints by default:

  • /actuator/health/liveness: Used by Kubernetes to check if the application is running.

  • /actuator/health/readiness: Used by Kubernetes to check if the application is ready to receive traffic.

  • /actuator/vaadin: Used by Control Center to determine relevant application information, such as the Vaadin version used and activated features (i.e., Localization).

Identity Management

When the Identity Management feature is enabled, the application is configured to use Keycloak for authentication and authorization. The users, groups, and roles are managed by Control Center, which is backed by a Keycloak instance. This requires the Keycloak instance to be accessible outside the cluster, which introduces a potential for disruption if it’s compromised.

Control Center creates a Keycloak administrator user during installation. This user account has the ability to access the Keycloak instance directly, but you shouldn’t use it normally. The username and password (base 64 encoded) are stored in the secret named <installation-name>-keycloak-initial-admin, where <installation-name> is the Control Center name chosen during installation. It’s important to keep this user’s credentials secure, as they provide full access to the Keycloak instance, and manual changes may cause disruption to Control Center features.