1b2c274e17
updated Patchset 5 comments Updated Patchset 4 comments Updated Patchset 1 comments Story: https://storyboard.openstack.org/#!/story/2009190 Task: 43396 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Change-Id: I82bcb12060cfa0c0d4ed26b352d4d5391f66aa91 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
5.2 KiB
partner
System Accounts
types-of-system-accounts overview-of-system-accounts kube-service-account keystone-accounts remote-windows-active-directory-accounts starlingx-system-accounts-system-account-password-rules
Access the System
configure-local-cli-access remote-access-index security-access-the-gui security-rest-api-access connect-to-container-registries-through-a-firewall-or-proxy
Manage Non-Admin Type Users
private-namespace-and-restricted-rbac pod-security-policies enable-pod-security-policy-checking disable-pod-security-policy-checking assign-pod-security-policies resource-management
User Authentication Using Windows Active Directory
overview-of-windows-active-directory configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system configure-oidc-auth-applications centralized-oidc-authentication-setup-for-distributed-cloud configure-users-groups-and-authorization configure-kubectl-with-a-context-for-the-user
Obtain the Authentication Token
obtain-the-authentication-token-using-the-oidc-auth-shell-script obtain-the-authentication-token-using-the-browser
Deprovision Windows Active Directory
deprovision-windows-active-directory-authentication
Firewall Options
security-default-firewall-rules security-firewall-options
Secure HTTPS Connectivity
https-access-overview utility-script-to-display-certificates starlingx-rest-api-applications-and-the-web-administration-server kubernetes-root-ca-certificate security-install-update-the-docker-registry-certificate add-a-trusted-ca
Cert Manager
security-cert-manager the-cert-manager-bootstrap-process cert-manager-post-installation-setup
Portieris Admission Controller
portieris-overview install-portieris portieris-clusterimagepolicy-and-imagepolicy-configuration remove-portieris
Vault Secret and Data Management
security-vault-overview install-vault configure-vault configure-vault-using-the-cli remove-vault
Encrypt Kubernetes Secret Data at Rest
encrypt-kubernetes-secret-data-at-rest
Operator Login/Authentication Logging
operator-login-authentication-logging
Operator Command Logging
operator-command-logging
UEFI Secure Boot
overview-of-uefi-secure-boot use-uefi-secure-boot
Authentication of Software Delivery
authentication-of-software-delivery
Security Feature Configuration for Spectre and Meltdown
security-feature-configuration-for-spectre-and-meltdown
Security Hardening Guidelines
security-hardening-intro
Recommended Security Features with a Minimal Performance Impact
uefi-secure-boot
Secure System Accounts
local-linux-account-for-sysadmin local-and-ldap-linux-user-accounts starlingx-accounts web-administration-login-timeout ssh-and-console-login-timeout system-account-password-rules
Security Features
secure-https-external-connectivity security-hardening-firewall-options isolate-starlingx-internal-cloud-management-network
Appendix: Locally creating certificates
create-certificates-locally-using-openssl create-certificates-locally-using-cert-manager-on-the-controller