This document describes how to configure Cloud Run for Anthos and its major components following security best practices.
Securing Cloud Run for Anthos
Cloud Run for Anthos is based on the open source Knative project, and inherits its security posture.
Workloads running on Cloud Run for Anthos share the same network and compute nodes. You should create separate clusters for workloads that don't have mutual trust. Cloud Run for Anthos clusters should not run unrelated workloads like CI/CD infrastructure or databases.
Reasons to create multiple clusters for Cloud Run for Anthos workloads include:
- Separating development from production environments.
- Isolating applications owned by different teams.
- Isolating highly privileged workloads.
Once you've designed your clusters, take the following actions to help secure them:
- Restrict access to your cluster.
- Understand the Knative threat model.
- Read the Knative security reference if you plan to use community-supported tooling.
Securing components
You are responsible for securing components that aren't part of Cloud Run for Anthos.
Anthos Service Mesh
Cloud Run for Anthos relies on Anthos Service Mesh for routing traffic.
Use the following guides to help you secure Anthos Service Mesh:
Google Kubernetes Engine
Cloud Run for Anthos uses Google Kubernetes Engine (GKE) to schedule workloads. Take the following actions to help you secure your clusters:
- Follow the Anthos security tutorial.
- Understand the Google Kubernetes Engine multi-tenancy model.
- Follow the Google Kubernetes Engine cluster hardening guide.
- Understand the Google Kubernetes Engine shared responsibility model.
Known vulnerabilities
You should subscribe to the security bulletins for Cloud Run for Anthos dependencies so you can keep up to date with known vulnerabilities: