This subsection describes the architecture of the Security subsystem of Deckhouse Kubernetes Platform (DKP).
The Security subsystem includes the following modules:
- admission-policy-engine: Lets you use security policies in the cluster according to Kubernetes Pod Security Standards. The module uses Gatekeeper to enforce these policies.
- runtime-audit-engine: Implements an internal threat detection system.
- operator-trivy: Performs periodic vulnerability scanning of the DKP cluster.
- cert-manager: Manages TLS certificates in the cluster.
- secrets-store-integration: Delivers secrets to Kubernetes applications by integrating secrets, keys, and certificates stored in external secret stores.
- secret-copier: Automatically copies secrets to cluster namespaces.
The following Security subsystem components are currently described in this subsection: