Security and Compliance

This component gives you, the user, the ability to control public DNS records by creating and modifying Kubernetes resources. This indirect control comes with the responsibility of ensuring you are not unintentionally disrupting other services.

Hostname Ownership

The most significant security consideration is hostname ownership. When you specify a hostname in a Service annotation, Ingress rule, or HTTPProxy, you are claiming control of that public DNS record.

Risk of Service Disruption

If two different resources in the same or different namespaces are configured to claim the same hostname, they will compete for control of the DNS record. This can cause the record to flap between different IP addresses, leading to service outages or traffic being misdirected to the wrong application.

It is your responsibility to:

  • Only use hostnames that you are authorized to manage.
  • Ensure your chosen hostnames are unique and not already in use by another application.

Domain Filtering

To mitigate the risk of accidental hostname takeovers, the platform is configured to only allow this component to manage DNS records for specific, pre-approved domains. Any attempt to create a DNS record for a domain that is not on the allowlist will be ignored. Please contact the platform provider if you need to manage records for a new domain.
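The following pre-deployment check is an added example, not part of the platform or the component. It scans manifests for hostnames claimed by more than one resource and for hostnames outside the allowlist. It assumes the ExternalDNS annotation key for Services and Contour's `spec.virtualhost.fqdn` for HTTPProxy, assumes an allowlisted domain covers its subdomains, and uses constructed sample manifests and domain names.

```python
from collections import defaultdict

# Assumption: ExternalDNS-style annotation key; the page does not name the key.
HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def claimed_hostnames(obj):
    """Yield every hostname a Service, Ingress or HTTPProxy manifest claims."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Service":
        raw = obj["metadata"].get("annotations", {}).get(HOSTNAME_ANNOTATION, "")
        yield from (h for h in raw.split(",") if h.strip())
    elif kind == "Ingress":
        yield from (r["host"] for r in spec.get("rules", []) if r.get("host"))
    elif kind == "HTTPProxy":
        fqdn = spec.get("virtualhost", {}).get("fqdn")
        if fqdn:
            yield fqdn

def normalize(host):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().rstrip(".").lower()

def in_allowlist(host, allowed_domains):
    # Match on a label boundary so "notexample.com" never passes for "example.com".
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def audit(objects, allowed_domains):
    """Return (hostnames with more than one owner, hostnames outside the allowlist)."""
    claims = defaultdict(set)
    for obj in objects:
        meta = obj["metadata"]
        owner = f'{obj["kind"]}/{meta.get("namespace", "default")}/{meta["name"]}'
        for host in claimed_hostnames(obj):
            claims[normalize(host)].add(owner)
    conflicts = {h: sorted(o) for h, o in claims.items() if len(o) > 1}
    ignored = sorted(h for h in claims if not in_allowlist(h, allowed_domains))
    return conflicts, ignored

# Constructed sample manifests (hypothetical names and namespaces).
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "web", "namespace": "team-a",
     "annotations": {HOSTNAME_ANNOTATION: "app.example.com, api.example.com"}}},
    {"kind": "Ingress", "metadata": {"name": "web", "namespace": "team-b"},
     "spec": {"rules": [{"host": "App.Example.com."}, {"host": "shop.notexample.com"}]}},
    {"kind": "HTTPProxy", "metadata": {"name": "api", "namespace": "team-c"},
     "spec": {"virtualhost": {"fqdn": "api.example.com"}}},
]

if __name__ == "__main__":
    print(audit(SAMPLE, ["example.com"]))
```

Running the same audit over manifests exported from the cluster before a deployment shows which hostnames would compete for a record and which would be ignored by the domain filter.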

Tip

For general information about security and compliance concerning the platform, services and components, see security.