Security

Kubernetes

StarlingX security encompasses a broad number of features.

• TLS support on all external interfaces

• Kubernetes service accounts and RBAC policies for authentication and authorization of Kubernetes API / CLI / GUI

• Encryption of Kubernetes Secret Data at Rest

• Keystone authentication and authorization of StarlingX API / CLI / GUI

• Barbican is used to securely store secrets such as BMC user passwords

• Networking policies / Firewalls on external APIs

• UEFI secureboot

• Signed software updates

Contents:

• Contents
  • UEFI Secure Boot
  • Firewall Management
  • Certificate Management
  • Cert Manager
  • User Management
  • Auditing
  • Container Image Integrity (Signature Validation)
  • Container AppArmor Profile
  • Encrypting Data at Rest
  • Software Delivery Integrity
  • IPsec on Management Network
  • CVE Maintenance
  • Security Feature Configuration for Spectre and Meltdown
  • Deprecated Functionality
  • Appendix: Locally creating certificates

OpenStack

• Contents
  • Keystone Accounts
  • Access the system
  • Install REST API and Horizon certificate