Technical Discovery: Serverless use cases

Problem to solve

Users with serverless applications built on Knative are still exposed to security vulnerabilities, but traditional security approaches primarily target classical, server-focused use cases rather than serverless ones. This means that users with serverless applications have to choose between rewriting their app for a classic server architecture so that existing security tools can be used, or keeping their serverless architecture and running without security tools in place.

Intended users

  • Sasha (Software Developer)
  • Devon (DevOps Engineer)
  • Sidney (Systems Administrator)
  • Sam (Security Analyst)

Further details

In the future, GitLab will offer similar security capabilities, such as WAF, Threat Detection, and others, for serverless applications, much as we do for traditional Kubernetes applications.

Proposal

Serverless use cases and technologies are relatively new, so this issue proposes a technical discovery for the team to learn about this space and identify next steps: what we still need to learn, and how our security capabilities will relate to serverless use cases.

Specifically, this discovery should explore:

  • How would an app be deployed on serverless with GitLab & Knative?
  • What differences are there in using Knative compared with the traditional clusters GitLab has today?
  • Are our existing security tools, like WAF, Threat Detection, and NetworkPolicy objects able to be directly used with serverless use cases?
    • If not, why can't they be used? Is there a reasonable path to adapting them? Do the problems they solve not apply in the serverless use case?
  • Add other questions here organically

Follow-up issues should be created for each of these areas as necessary.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

  • Answers to the questions above and technical decisions made
  • Follow-on issues created where necessary

What is the type of buyer?

Links / references

  • Snyk 10 serverless best practices. Ones that jump out as specific to serverless (isolated function parameters, deploy functions in minimal granularity)
  • awesome-serverless-security
  • Serverless GOAT OWASP
  • Puresec: Puresec functionshield / Puresec blog / serverless days Youtube
  • Newbies guide to serverless security
  • 6 serverless design patterns (USENIX paper)
  • Knative the Security Platypus - Kubecon 2019 Talk
Edited Jul 02, 2020 by Rémy Coutable