Security¶
Kubernetes¶
StarlingX security encompasses a broad number of features.
TLS support on all external interfaces
Kubernetes service accounts and RBAC policies for authentication and authorization of Kubernetes API / CLI / GUI
Encryption of Kubernetes Secret Data at Rest
Keystone authentication and authorization of StarlingX API / CLI / GUI
Barbican is used to securely store secrets such as BMC user passwords
Networking policies / Firewalls on external APIs
UEFI secureboot
Signed software updates
Contents:¶
- Contents
- System Accounts
- Access the System
- Manage Non-Admin Type Users
- User Authentication Using Windows Active Directory
- Firewall Options
- HTTPS Certificate Management
- Cert Manager
- Portieris Admission Controller
- Vault Secret and Data Management
- Encrypt Kubernetes Secret Data at Rest
- Linux Auditing System
- Operator Login/Authentication Logging
- Operator Command Logging
- UEFI Secure Boot
- Authentication of Software Delivery
- Security Feature Configuration for Spectre and Meltdown
- Security Hardening Guidelines
- Deprecated Functionality
- Appendix: Locally creating certificates