f85f77229a
Story: 2011084 Task: 50154 Change-Id: I34a70e6f2a68cb6617a16931f04edc92ccff0a93 Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
278 lines
6.3 KiB
ReStructuredText
278 lines
6.3 KiB
ReStructuredText
.. _index-security-kub-81153c1254c3:
|
|
|
|
.. include:: /_includes/toc-title-security-kub.rest
|
|
|
|
.. only:: partner
|
|
|
|
.. include:: /security/index-security-84d0d8aa401b.rst
|
|
:start-after: kub-begin
|
|
:end-before: kub-end
|
|
|
|
***************
|
|
System Accounts
|
|
***************
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
types-of-system-accounts
|
|
overview-of-system-accounts
|
|
keystone-accounts
|
|
remote-windows-active-directory-accounts
|
|
starlingx-system-accounts-system-account-password-rules
|
|
manage-local-ldap-39fe3a85a528
|
|
linux-accounts-password-3dcad436dce4
|
|
|
|
*****************
|
|
Access the System
|
|
*****************
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
configure-local-cli-access
|
|
remote-access-index
|
|
security-access-the-gui
|
|
security-rest-api-access
|
|
connect-to-container-registries-through-a-firewall-or-proxy
|
|
|
|
***************************
|
|
Manage Non-Admin Type Users
|
|
***************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
private-namespace-and-restricted-rbac
|
|
pod-security-policies
|
|
enable-pod-security-policy-checking
|
|
disable-pod-security-policy-checking
|
|
assign-pod-security-policies
|
|
resource-management
|
|
pod-security-admission-controller-8e9e6994100f
|
|
|
|
.. _user-authentication-using-windows-active-directory-security-index:
|
|
|
|
|
|
******************************************************
|
|
SSH User Authentication Using Windows Active Directory
|
|
******************************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
sssd-support-5fb6c4b0320b
|
|
|
|
|
|
*********************************************
|
|
K8S API User Authentication Using LDAP Server
|
|
*********************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
overview-of-ldap-servers
|
|
centralized-vs-distributed-oidc-auth-setup
|
|
configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system
|
|
configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system
|
|
configure-oidc-auth-applications
|
|
configure-users-groups-and-authorization
|
|
configure-kubernetes-client-access
|
|
deprovision-ldap-server-authentication
|
|
|
|
****************
|
|
Firewall Options
|
|
****************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
security-default-firewall-rules
|
|
security-firewall-options
|
|
|
|
****************************
|
|
HTTPS Certificate Management
|
|
****************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
https-access-overview
|
|
utility-script-to-display-certificates
|
|
etcd-certificates-c1fc943e4a9c
|
|
kubernetes-certificates-f4196d7cae9c
|
|
starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834
|
|
local-ldap-certificates-4e1df1e39341
|
|
configure-rest-api-apps-and-web-admin-server-certs-after-inst-6816457ab95f
|
|
configure-docker-registry-certificate-after-installation-c519edbfe90a
|
|
oidc-client-dex-server-certificates-dc174462d51a
|
|
migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d
|
|
portieris-server-certificate-a0c7054844bd
|
|
vault-server-certificate-8573125eeea6
|
|
dc-admin-endpoint-certificates-8fe7adf3f932
|
|
add-a-trusted-ca
|
|
alarm-expiring-soon-and-expired-certificates-baf5b8f73009
|
|
|
|
************
|
|
Cert Manager
|
|
************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
security-cert-manager
|
|
the-cert-manager-bootstrap-process
|
|
cert-manager-post-installation-setup
|
|
|
|
.. _portieris-admission-controller-security-index:
|
|
|
|
******************************
|
|
Portieris Admission Controller
|
|
******************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
portieris-overview
|
|
install-portieris
|
|
portieris-clusterimagepolicy-and-imagepolicy-configuration
|
|
remove-portieris
|
|
|
|
.. _vault-secret-and-data-management-security-index:
|
|
|
|
********************************
|
|
Vault Secret and Data Management
|
|
********************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
security-vault-overview
|
|
install-vault
|
|
configure-vault
|
|
configure-vault-using-the-cli
|
|
remove-vault
|
|
|
|
**************************************
|
|
Encrypt Kubernetes Secret Data at Rest
|
|
**************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
encrypt-kubernetes-secret-data-at-rest
|
|
|
|
|
|
****************************************************************************
|
|
Partial Disk (Transparent) Encryption Support via Software Encryption (LUKS)
|
|
****************************************************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
partial-disk-transparent-encryption-support-via-software-enc-27a570f3142c
|
|
|
|
*********************
|
|
Linux Auditing System
|
|
*********************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
auditd-support-339a51d8ce16
|
|
|
|
|
|
********
|
|
AppArmor
|
|
********
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
about-apparmor-ebdab8f1ed87
|
|
enable-disable-apparmor-on-a-host-63a7a184d310
|
|
enable-disable-apparmor-on-a-host-using-horizon-a318ab726396
|
|
install-security-profiles-operator-1b2f9a0f0108
|
|
profile-management-a8df19c86a5d
|
|
apply-a-profile-to-a-pod-c2fa4d958dec
|
|
enable-apparmor-log-bb600560d794
|
|
author-apparmor-profiles-b02de0a22771
|
|
|
|
|
|
*************************************
|
|
Operator Login/Authentication Logging
|
|
*************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
operator-login-authentication-logging
|
|
|
|
************************
|
|
Operator Command Logging
|
|
************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
operator-command-logging
|
|
kubernetes-operator-command-logging-663fce5d74e7
|
|
|
|
****************
|
|
UEFI Secure Boot
|
|
****************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
overview-of-uefi-secure-boot
|
|
use-uefi-secure-boot
|
|
|
|
***********************************
|
|
Authentication of Software Delivery
|
|
***********************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
authentication-of-software-delivery
|
|
|
|
***************
|
|
CVE Maintenance
|
|
***************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
cve-maintenance-723cd9dd54b3
|
|
|
|
|
|
*******************************************************
|
|
Security Feature Configuration for Spectre and Meltdown
|
|
*******************************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
security-feature-configuration-for-spectre-and-meltdown
|
|
|
|
************************
|
|
Deprecated Functionality
|
|
************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
starlingx-rest-api-applications-and-the-web-administration-server-deprecated
|
|
security-install-update-the-docker-registry-certificate-deprecated
|
|
|
|
|
|
***************************************
|
|
Appendix: Locally creating certificates
|
|
***************************************
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
create-certificates-locally-using-openssl
|
|
create-certificates-locally-using-cert-manager-on-the-controller
|