
Security & Infrastructure

Enterprise-grade security built into every layer. Kubernetes orchestration, mutual TLS, AES-256 encryption, HashiCorp Vault, gVisor sandboxes, and SOC 2-aligned security controls.

💡

Defense in Depth

Lobstack uses a multi-layered security architecture. No single layer is the entire defense — every component is designed to contain threats even if another layer is compromised.

Security Architecture

Infrastructure Stack
┌─────────────────────────────────────────────────────────────────┐
│  External Traffic (TLS 1.3, cert-manager, Let's Encrypt)       │
├─────────────────────────────────────────────────────────────────┤
│  Istio Ingress Gateway (TLS termination + rate limiting)       │
├─────────────────────────────────────────────────────────────────┤
│  Service Mesh (Istio — mutual TLS between ALL services)        │
│  ┌──────────────────────┐  ┌─────────────────────────────────┐ │
│  │  Control Plane (K8s) │  │  Agent Runtime (K8s)            │ │
│  │  ┌────────────────┐  │  │  ┌───────────┐ ┌───────────┐   │ │
│  │  │ Lobstack API   │──│──│─▶│ Agent Pod │ │ Agent Pod │   │ │
│  │  │ (3+ replicas)  │  │  │  │ (gVisor)  │ │ (gVisor)  │   │ │
│  │  └───────┬────────┘  │  │  └───────────┘ └───────────┘   │ │
│  │          │            │  │  NetworkPolicy: full isolation  │ │
│  └──────────┼────────────┘  └─────────────────────────────────┘ │
│             │                                                    │
│  ┌──────────▼────────────┐  ┌─────────────────────────────────┐ │
│  │  HashiCorp Vault      │  │  Monitoring & Audit             │ │
│  │  (HA Raft, 3 nodes)   │  │  Falco · Prometheus · Audit    │ │
│  │  Transit: AES-256-GCM │  │  OPA Gatekeeper Policies       │ │
│  └───────────────────────┘  └─────────────────────────────────┘ │
├─────────────────────────────────────────────────────────────────┤
│  Kubernetes Cluster (encrypted etcd, RBAC, Pod Security)        │
│  Encrypted Storage (AES-256-CBC at rest)                        │
└─────────────────────────────────────────────────────────────────┘

Security Pillars

Service Mesh & Mutual TLS

All service-to-service communication runs through Istio's service mesh with strict mutual TLS (mTLS) enforced mesh-wide. Every pod authenticates via X.509 certificates — there is no unencrypted internal traffic.

| Layer | Protocol | Cipher | Enforcement |
|---|---|---|---|
| External → Gateway | TLS 1.3 | ECDSA P-256 (Let's Encrypt) | cert-manager auto-renewal |
| Service → Service | mTLS (Istio) | X.509 mutual auth | STRICT PeerAuthentication |
| API → Vault | TLS 1.3 | Internal CA | Vault TLS config |
| K8s etcd | AES-256-CBC | aescbc provider | EncryptionConfiguration |
| Vault Storage | AES-256-GCM | Raft integrated storage | Vault seal mechanism |
| Disk Volumes | AES-256 | Cloud provider managed | Encrypted StorageClass |
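
What the "STRICT PeerAuthentication" row looks like in Istio, and how the X.509 workload identity it guarantees can then be used for authorization. This is an added example, not Lobstack's own configuration; the namespaces `lobstack-agents` and `lobstack-system` and the service account `lobstack-api` are assumed names.

```yaml
# Mesh-wide STRICT mTLS: a PeerAuthentication named "default" in the Istio
# root namespace applies to every workload in the mesh.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system            # root namespace of a default Istio install
spec:
  mtls:
    mode: STRICT                     # plaintext connections are rejected
---
# Default-deny baseline: an AuthorizationPolicy with an empty spec has no
# ALLOW rules, so every request to workloads in the namespace is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: default-deny
  namespace: lobstack-agents         # hypothetical namespace
spec: {}
---
# Explicit allow: only the control-plane identity may call agent pods.
# The principal comes from the peer certificate presented over mTLS,
# which is why STRICT mode is a precondition for trusting it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-control-plane
  namespace: lobstack-agents         # hypothetical namespace
spec:
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              # <trust-domain>/ns/<namespace>/sa/<service-account>, assumed names
              - cluster.local/ns/lobstack-system/sa/lobstack-api
```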

Zero-Trust Networking

Lobstack enforces zero-trust at every level. No service is implicitly trusted — all access requires explicit authorization.

🔒

Istio AuthorizationPolicies

Only the control plane can reach agent pods. Only the ingress gateway can reach the API. Default-deny baseline for all namespaces.

🌐

Kubernetes NetworkPolicies

Agent pods cannot communicate with each other. Egress is restricted to AI APIs (port 443) and the Lobstack API only.

🔑

Vault Templated Policies

Each agent can ONLY read its own secrets. Templated on {{identity.entity.metadata.agent_id}} — no cross-agent access possible.

🚫

No ServiceAccount Tokens

Agent pods have automountServiceAccountToken: false — they cannot access the Kubernetes API.

📡

Private Network Blocked

Agent egress blocks all RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) — agents can only reach the public internet.
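
A Kubernetes NetworkPolicy expressing the agent isolation and egress rules described above. This is an added example, not Lobstack's own manifest; the namespaces, label values and the API port are assumptions.

```yaml
# Added illustration; namespaces, labels and the API port are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-isolation                 # hypothetical
  namespace: lobstack-agents            # hypothetical
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: agent     # hypothetical label value
  policyTypes: [Ingress, Egress]        # traffic not matched by a rule below is denied
  ingress:
    # Only control-plane API pods may connect. No rule selects other agent
    # pods, so agent-to-agent traffic is dropped.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: lobstack-system   # hypothetical
          podSelector:
            matchLabels:
              app.kubernetes.io/name: lobstack-api           # hypothetical
  egress:
    # Public internet on TCP 443 only, with the RFC 1918 ranges carved out.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
      ports:
        - protocol: TCP
          port: 443
    # The Lobstack API sits on a private cluster address, which the rule
    # above excludes, so it is allowed by namespace and pod labels instead.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: lobstack-system   # hypothetical
          podSelector:
            matchLabels:
              app.kubernetes.io/name: lobstack-api           # hypothetical
      ports:
        - protocol: TCP
          port: 443                     # assumed API port
```

Only the two destinations the page names are allowed here; a cluster that resolves names through an in-cluster DNS service would also need an explicit port 53 rule to that service. NetworkPolicy objects are enforced only when the cluster's network plugin supports them.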

Runtime Security

Falco monitors all container runtime activity with custom rules tailored for Lobstack. Detections include:

| Threat | Detection Rule | Severity |
|---|---|---|
| Container escape | Shell spawned in agent container | WARNING |
| Privilege escalation | setuid/sudo/su execution | CRITICAL |
| Crypto mining | Known miner processes or stratum protocol | CRITICAL |
| Secrets theft | Reading /var/run/secrets or vault tokens | CRITICAL |
| K8s API access | Agent connecting to kubernetes.default.svc | ERROR |
| Sensitive file access | /etc/shadow, /proc/1/, service account paths | CRITICAL |
| Unauthorized network | Outbound on non-443 ports | ERROR |

Admission Control

OPA Gatekeeper enforces organizational policies at admission time — before any resource is created in the cluster.

🏷️

Required Labels

All deployments must have app.kubernetes.io/name and app.kubernetes.io/part-of labels.

🚫

No Privileged Containers

Setting privileged: true is blocked for all pods in Lobstack namespaces.

📏

Required Resource Limits

All containers must specify CPU and memory limits.

👤

Non-Root Required

All pods must set runAsNonRoot: true in their security context.

🏷️

No :latest Tag

Containers using the :latest image tag are flagged (warn mode, enforceable as deny).
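
A Deployment that would pass all five admission rules listed above, and that also carries the gVisor sandbox and automountServiceAccountToken settings from the earlier sections. This is an added example, not a Lobstack manifest; the names, namespace, image reference, user ID, resource values and the RuntimeClass name `gvisor` are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agent-example                        # hypothetical
  namespace: lobstack-agents                 # hypothetical
  labels:
    app.kubernetes.io/name: agent            # rule: required labels
    app.kubernetes.io/part-of: lobstack      # rule: required labels
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: agent
  template:
    metadata:
      labels:
        app.kubernetes.io/name: agent
        app.kubernetes.io/part-of: lobstack
    spec:
      runtimeClassName: gvisor               # assumes a RuntimeClass with this name exists
      automountServiceAccountToken: false    # no Kubernetes API credentials in the pod
      securityContext:
        runAsNonRoot: true                   # rule: non-root required
        runAsUser: 10001                     # constructed UID; any non-zero UID works
      containers:
        - name: agent
          # rule: no :latest tag, so pin an explicit version (placeholder registry)
          image: registry.example.com/lobstack/agent:1.4.2
          securityContext:
            privileged: false                # rule: no privileged containers
          resources:
            limits:                          # rule: CPU and memory limits required
              cpu: "1"
              memory: 512Mi
```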

Explore each area

Click into the specific pages above for detailed configuration examples, architecture diagrams, and implementation guides for each security layer.