Create a Security Best Practices/Design Document for Agones

[jeremyje]

As Agones expands we'll need to provide guidance to customers on how to securely deploy it. More importantly we'll need best practices to make security informed decisions during our future designs to make sure that Agones is secure by default.

I'll publish a draft for community review/edits once it's ready. As a preview it'll be simply just an index of all the best practices and recommendations for the dependencies of the project and how it relates to the project.

[aLekSer]

Do we need to also verify support of Sandbox Pods ?
https://cloud.google.com/kubernetes-engine/docs/concepts/sandbox-pods

[roberthbailey]

Things we could document:

• Our RBAC rules
• Firewall / open ports for game servers
• General k8s & containerization security best practices
• Certificates - e.g. yaml file gives everyone the same certs for allocator service and webhooks
• How to customize allocator service certs
• How to disallow a game server pod access to k8s (by default they have access via our rbac rules)
• Use of namespaces

[github-actions]

'This issue is marked as Stale due to inactivity for more than 30 days. To avoid being marked as 'stale' please add 'awaiting-maintainer' label or add a comment. Thank you for your contributions '

[markmandel]

Reopening - looks like a bug in the bot. Should still be stale though.

[github-actions]

'This issue is marked as Stale due to inactivity for more than 30 days. To avoid being marked as 'stale' please add 'awaiting-maintainer' label or add a comment. Thank you for your contributions '