starlingx/docs
Code Issues Proposed changes
Files
31f084792cb5505b9340c8e7d4ef64aa4be1036e
docs/doc/source/security/kubernetes/index.rst
Adil bb5cf99f7b Added content related to Helm v3 
Included information from msg attached to Jira in
Edited content in Admin tasks and User tasks

Patch 1: worked on comments by Greg.

Patch 4: added User task to the correct branch

Patch 5: worked on feedback from Greg also in other topics
Edited content in: -helm client for non-admin users
		   -container backed remote clis and clients
		   -install kebectl and helm clients on a host

Patch 6: edited and added content in
 		   -helm client for non-admin users

Patch 7: Added content in: Configure remote CLI
			   Configure container-backed...
			   Use container-backed...

Patch 10: acted on Jim's comment and
	removed topic 'create, test, and terminate a ptp notification demo'
	removed links to this topic

Patch 11: acted on Greg's comments

Patch 12: acted on Greg's comments

Story: 2007000
Task: 42241

https://review.opendev.org/c/starlingx/docs/+/783891

Signed-off-by: Adil <mohamed.adilassakkali@windriver.com>

Change-Id: I9a5faf5549775593ddfd517d43412725d257b24f
2021-05-12 11:36:53 -03:00

329 lines
7.0 KiB
ReStructuredText
Raw Blame History

========
Contents
========
***************
System Accounts
***************
.. toctree::
:maxdepth: 1
types-of-system-accounts
overview-of-system-accounts
kube-service-account
keystone-accounts
remote-windows-active-directory-accounts
Linux User Accounts
*******************
.. toctree::
:maxdepth: 1
the-sysadmin-account
local-ldap-linux-user-accounts
create-ldap-linux-accounts
remote-access-for-linux-accounts
password-recovery-for-linux-user-accounts
establish-keystone-credentials-from-a-linux-account
estabilish-credentials-for-linux-user-accounts
starlingx-openstack-kubernetes-from-stsadmin-account-login
kubernetes-cli-from-local-ldap-linux-account-login
Kubernetes Service Accounts
***************************
.. toctree::
:maxdepth: 1
kubernetes-service-accounts
create-an-admin-type-service-account
Keystone Accounts
*****************
.. toctree::
:maxdepth: 1
about-keystone-accounts
keystone-account-authentication
manage-keystone-accounts
configure-the-keystone-token-expiration-time
password-recovery
Password Rules
**************
.. toctree::
:maxdepth: 1
starlingx-system-accounts-system-account-password-rules
*****************
Access the System
*****************
.. toctree::
:maxdepth: 2
configure-local-cli-access
remote-access-index
security-access-the-gui
configure-http-and-https-ports-for-horizon-using-the-cli
configure-horizon-user-lockout-on-failed-logins
install-the-kubernetes-dashboard
security-rest-api-access
connect-to-container-registries-through-a-firewall-or-proxy
***************************
Manage Non-Admin Type Users
***************************
.. toctree::
:maxdepth: 1
private-namespace-and-restricted-rbac
pod-security-policies
enable-pod-security-policy-checking
disable-pod-security-policy-checking
assign-pod-security-policies
resource-management
**************************************************
User Authentication Using Windows Active Directory
**************************************************
.. toctree::
:maxdepth: 1
overview-of-windows-active-directory
configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system
configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system
configure-oidc-auth-applications
centralized-oidc-authentication-setup-for-distributed-cloud
configure-users-groups-and-authorization
configure-kubectl-with-a-context-for-the-user
Obtain the Authentication Token
*******************************
.. toctree::
:maxdepth: 1
obtain-the-authentication-token-using-the-oidc-auth-shell-script
obtain-the-authentication-token-using-the-browser
Deprovision Windows Active Directory
************************************
.. toctree::
:maxdepth: 1
deprovision-windows-active-directory-authentication
****************
Firewall Options
****************
.. toctree::
:maxdepth: 1
security-firewall-options
security-default-firewall-rules
*************************
Secure HTTPS Connectivity
*************************
.. toctree::
:maxdepth: 1
https-access-overview
starlingx-rest-api-applications-and-the-web-administration-server
enable-https-access-for-starlingx-rest-and-web-server-endpoints
install-update-the-starlingx-rest-and-web-server-certificate
secure-starlingx-rest-and-web-certificates-private-key-storage-with-tpm
kubernetes-root-ca-certificate
security-install-update-the-docker-registry-certificate
add-a-trusted-ca
************
Cert Manager
************
.. toctree::
:maxdepth: 1
security-cert-manager
the-cert-manager-bootstrap-process
Post Installation Setup
***********************
.. toctree::
:maxdepth: 1
firewall-port-overrides
enable-public-use-of-the-cert-manager-acmesolver-image
enable-use-of-cert-manager-acmesolver-image-in-a-particular-namespace
enable-the-use-of-cert-manager-apis-by-an-arbitrary-user
******************************
Portieris Admission Controller
******************************
.. toctree::
:maxdepth: 1
portieris-overview
install-portieris
remove-portieris
portieris-clusterimagepolicy-and-imagepolicy-configuration
********************************
Vault Secret and Data Management
********************************
.. toctree::
:maxdepth: 1
security-vault-overview
install-vault
remove-vault
Configure Vault
***************
.. toctree::
:maxdepth: 1
configure-vault
configure-vault-using-the-cli
**************************************
Encrypt Kubernetes Secret Data at Rest
**************************************
.. toctree::
:maxdepth: 1
encrypt-kubernetes-secret-data-at-rest
*************************************
Operator Login/Authentication Logging
*************************************
.. toctree::
:maxdepth: 1
operator-login-authentication-logging
************************
Operator Command Logging
************************
.. toctree::
:maxdepth: 1
operator-command-logging
operator-login-authentication-logging
operator-command-logging
****************
UEFI Secure Boot
****************
.. toctree::
:maxdepth: 1
overview-of-uefi-secure-boot
use-uefi-secure-boot
***********************
Trusted Platform Module
***********************
.. toctree::
:maxdepth: 1
tpm-configuration-considerations
***********************************
Authentication of Software Delivery
***********************************
.. toctree::
:maxdepth: 1
authentication-of-software-delivery
*******************************************************
Security Feature Configuration for Spectre and Meltdown
*******************************************************
.. toctree::
:maxdepth: 1
security-feature-configuration-for-spectre-and-meltdown
***************************
Locally Create Certificates
***************************
.. toctree::
:maxdepth: 1
create-certificates-locally-using-openssl
create-certificates-locally-using-cert-manager-on-the-controller
*****************************
Security Hardening Guidelines
*****************************
.. toctree::
:maxdepth: 1
security-hardening-intro
Recommended Security Features with a Minimal Performance Impact
***************************************************************
.. toctree::
:maxdepth: 1
uefi-secure-boot
Secure System Accounts
**********************
.. toctree::
:maxdepth: 1
local-linux-account-for-sysadmin
local-and-ldap-linux-user-accounts
starlingx-accounts
web-administration-login-timeout
ssh-and-console-login-timeout
system-account-password-rules
Security Features
*****************
.. toctree::
:maxdepth: 1
secure-https-external-connectivity
security-hardening-firewall-options
isolate-starlingx-internal-cloud-management-network
***************************************
Appendix: Locally creating certifciates
***************************************
.. toctree::
:maxdepth: 1
creating-certificates-locally-using-cert-manager-on-the-controller
creating-certificates-locally-using-openssl
View Git Blame Copy Permalink