starlingx/docs
Code Issues Proposed changes
docs/doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst
Joao Victor Portal 191b184763 Review K8s local and remote auth instructions (cherry pick to stx 9.0) 
This change replaces the usage of Service Tokens by OIDC tokens in the
instructions of Kubernetes cluster local and remote access. Some other
changes were made, like the deletion of redundant pages.

Story: 2010738
Task: 49561

Change-Id: Ie8206ecd316efd356a5889899a68f9a9ddbcdfa6
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
2024-03-11 10:51:09 -03:00

6.0 KiB
Raw Blame History

partner

System Accounts

types-of-system-accounts overview-of-system-accounts keystone-accounts remote-windows-active-directory-accounts starlingx-system-accounts-system-account-password-rules manage-local-ldap-39fe3a85a528

Access the System

configure-local-cli-access remote-access-index security-access-the-gui security-rest-api-access connect-to-container-registries-through-a-firewall-or-proxy

Manage Non-Admin Type Users

private-namespace-and-restricted-rbac pod-security-policies enable-pod-security-policy-checking disable-pod-security-policy-checking assign-pod-security-policies resource-management pod-security-admission-controller-8e9e6994100f

SSH User Authentication Using Windows Active Directory

sssd-support-5fb6c4b0320b

K8S API User Authentication Using LDAP Server

overview-of-ldap-servers centralized-vs-distributed-oidc-auth-setup configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system configure-oidc-auth-applications configure-users-groups-and-authorization configure-kubernetes-client-access deprovision-ldap-server-authentication

Firewall Options

security-default-firewall-rules security-firewall-options

HTTPS Certificate Management

https-access-overview utility-script-to-display-certificates etcd-certificates-c1fc943e4a9c kubernetes-certificates-f4196d7cae9c starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834 local-ldap-certificates-4e1df1e39341 configure-rest-api-apps-and-web-admin-server-certs-after-inst-6816457ab95f configure-docker-registry-certificate-after-installation-c519edbfe90a oidc-client-dex-server-certificates-dc174462d51a migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d portieris-server-certificate-a0c7054844bd vault-server-certificate-8573125eeea6 dc-admin-endpoint-certificates-8fe7adf3f932 add-a-trusted-ca alarm-expiring-soon-and-expired-certificates-baf5b8f73009

Cert Manager

security-cert-manager the-cert-manager-bootstrap-process cert-manager-post-installation-setup

Portieris Admission Controller

portieris-overview install-portieris portieris-clusterimagepolicy-and-imagepolicy-configuration remove-portieris

Vault Secret and Data Management

security-vault-overview install-vault configure-vault configure-vault-using-the-cli remove-vault

Encrypt Kubernetes Secret Data at Rest

encrypt-kubernetes-secret-data-at-rest

Linux Auditing System

auditd-support-339a51d8ce16

AppArmor

about-apparmor-ebdab8f1ed87 enable-disable-apparmor-on-a-host-63a7a184d310 enable-disable-apparmor-on-a-host-using-horizon-a318ab726396 install-security-profiles-operator-1b2f9a0f0108 profile-management-a8df19c86a5d apply-a-profile-to-a-pod-c2fa4d958dec enable-apparmor-log-bb600560d794 author-apparmor-profiles-b02de0a22771

Operator Login/Authentication Logging

operator-login-authentication-logging

Operator Command Logging

operator-command-logging kubernetes-operator-command-logging-663fce5d74e7

UEFI Secure Boot

overview-of-uefi-secure-boot use-uefi-secure-boot

Authentication of Software Delivery

authentication-of-software-delivery

CVE Maintenance

cve-maintenance-723cd9dd54b3

Security Feature Configuration for Spectre and Meltdown

security-feature-configuration-for-spectre-and-meltdown

Deprecated Functionality

starlingx-rest-api-applications-and-the-web-administration-server-deprecated security-install-update-the-docker-registry-certificate-deprecated

Appendix: Locally creating certificates

create-certificates-locally-using-openssl create-certificates-locally-using-cert-manager-on-the-controller