GitOps Agent Security
GitOps Agent Security
GitOps agents like Flux and ArgoCD require careful security configuration. These agents have powerful permissions to modify infrastructure and need protection against compromise. Running agents with least-privilege permissions, enabling audit logging, and implementing network isolation all contribute to agent security.
Agent authentication to Git repositories should use minimal required permissions. Deploy keys or machine accounts with read-only repository access prevent agents from modifying Git history. Short-lived tokens with automatic rotation provide additional security for repository access.
# Flux v2 GitOps agent security configuration
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/warn: restricted
---
# GitRepository with SSH authentication
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: infrastructure
namespace: flux-system
spec:
interval: 1m
ref:
branch: main
secretRef:
name: infrastructure-auth
url: ssh://[email protected]/organization/infrastructure-gitops
verify:
mode: strict
secretRef:
name: infrastructure-verification
---
# Flux security policies
apiVersion: v1
kind: ConfigMap
metadata:
name: flux-security-policies
namespace: flux-system
data:
# Network policies for Flux components
network-policy.yaml: |
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: flux-source-controller
namespace: flux-system
spec:
podSelector:
matchLabels:
app: source-controller
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
name: flux-system
ports:
- protocol: TCP
port: 9090
egress:
- to:
- namespaceSelector: {}
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- protocol: UDP
port: 53
- to:
- ipBlock:
cidr: 0.0.0.0/0
except:
- 169.254.169.254/32 # Block IMDS
- 10.0.0.0/8 # Block internal network
ports:
- protocol: TCP
port: 443
- protocol: TCP
port: 22
---
# ArgoCD security configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
data:
# Restrict repository access
repositories: |
- url: https://github.com/organization/infrastructure-gitops
name: infrastructure
type: git
insecure: "false"
enableLfs: "false"
# RBAC configuration
policy.default: role:readonly
policy.csv: |
p, role:admin, applications, *, */*, allow
p, role:admin, repositories, *, *, allow
p, role:developers, applications, get, */*, allow
p, role:developers, applications, sync, development/*, allow
g, argocd-admins, role:admin
g, developers, role:developers
# Security settings
admin.enabled: "false"
application.instanceLabelKey: argocd.argoproj.io/instance
server.disable.auth: "false"
accounts.alice.enabled: "false"
Resource quotas and limits prevent compromised agents from consuming excessive resources. Network policies restrict agent communication to necessary endpoints. Pod security standards ensure agents run with minimal privileges. These controls limit the blast radius of potential agent compromise.