Skip to main content
Version: next

Security

Security is part of the operating path, not an appendix.

Use this section to understand the operator trust model, choose the production posture you actually want to defend, and verify the controls that enforce it from the platform layer down to workload and tenant boundaries.

Read the security modelReview platform controls

Security layers

  1. 01

    Security model

    Threat model, production posture, and the trust material assumptions behind the operator design.

    Open
  2. 02

    Platform controls

    RBAC architecture, admission policies, and network boundaries that protect the control plane first.

    Open
  3. 03

    Workload protections

    Pod hardening, TLS identity, and supply-chain verification for the deployed service.

    Open
  4. 04

    Tenant isolation

    Namespace boundaries, tenancy guarantees, and the limits of the shared-service model.

    Open

Related task pages

Security profilesMap the security model back to the task page that configures spec.profile on a real cluster.Tenant onboardingConnect security guarantees back to the namespace introduction and governance path in the user guide.
Next release documentation

You are reading the unreleased main docs. Use the version menu for the newest published release, or check the release notes for what is already out.

Was this page helpful?

Use Needs work to open a structured GitHub issue for this page. The Yes button only acknowledges the signal locally.

Needs work