Security

Kubernetes

StarlingX security encompasses a broad number of features.

• TLS support on all external interfaces

• Kubernetes service accounts and RBAC policies for authentication and authorization of Kubernetes API / CLI / GUI

• Encryption of Kubernetes Secret Data at Rest

• Keystone authentication and authorization of StarlingX API / CLI / GUI

• Barbican is used to securely store secrets such as BMC user passwords

• Networking policies / Firewalls on external APIs

• UEFI secureboot

• Signed software updates

Contents:

• Contents
  • System Accounts
  • Access the System
  • Manage Non-Admin Type Users
  • User Authentication Using Windows Active Directory
  • Firewall Options
  • HTTPS Certificate Management
  • Cert Manager
  • Portieris Admission Controller
  • Vault Secret and Data Management
  • Encrypt Kubernetes Secret Data at Rest
  • Operator Login/Authentication Logging
  • Operator Command Logging
  • UEFI Secure Boot
  • Authentication of Software Delivery
  • Security Feature Configuration for Spectre and Meltdown
  • Security Hardening Guidelines
  • Appendix: Locally creating certificates

OpenStack

• Contents
• Access the System
  • Overview
  • Access Using the Default Set-up
  • Use Local CLIs
  • Update the Domain Name
  • Configure Remote CLIs
  • Use Container-backed Remote CLIs and Clients
  • Install a Trusted CA Certificate
  • Install REST API and Horizon Certificate
  • OpenStack Keystone Accounts
  • Login Protection
  • System Account Password Rules