Version: next

Platform security controls

Kubernetes-level controls such as RBAC, validating admission policies, and network boundaries.

Platform control routes

  1. RBAC architecture: Split-controller model, narrow identities, and mutation-locked access boundaries.
  2. Admission policies: CEL-based guardrails that reject unsafe configurations and pause sensitive reconciliation when enforcement disappears.
  3. Network security: Default-deny traffic boundaries and the explicit egress model used for backups, upgrades, and integrations.

Cluster prerequisites
  • Kubernetes v1.33+ is required by OpenBao Operator. ValidatingAdmissionPolicy is GA on all supported versions.
  • A CNI that actually enforces NetworkPolicy is required for the network isolation model to be real.

Next actions

Next release documentation

You are reading the unreleased main docs. Use the version menu for the newest published release, or check the release notes for what is already out.
