starlingx
/
docs
Code Issues Proposed changes
docs/doc/source/security/kubernetes
History
Joao Victor Portal 191b184763 Review K8s local and remote auth instructions (cherry pick to stx 9.0) 
This change replaces the usage of Service Tokens by OIDC tokens in the
instructions of Kubernetes cluster local and remote access. Some other
changes were made, like the deletion of redundant pages.

Story: 2010738
Task: 49561

Change-Id: Ie8206ecd316efd356a5889899a68f9a9ddbcdfa6
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
 		2024-03-11 10:51:09 -03:00
..
figures Changes for OS Level Access Controls with AppArmor (dsR8) 2023-05-02 15:20:45 -03:00
about-apparmor-ebdab8f1ed87.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
about-keystone-accounts.rst Updated references in "Manage Keystone Accounts" 2021-10-22 21:42:22 +00:00
add-a-trusted-ca.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
alarm-expiring-soon-and-expired-certificates-baf5b8f73009.rst Implement alarm parsing 2022-11-18 11:34:27 -05:00
apply-a-profile-to-a-pod-c2fa4d958dec.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
assign-pod-security-policies.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
auditd-support-339a51d8ce16.rst Added auditd include File 2022-02-17 12:42:33 -05:00
authentication-of-software-delivery.rst Update Security 2021-04-01 16:02:36 -04:00
author-apparmor-profiles-b02de0a22771.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
centralized-vs-distributed-oidc-auth-setup.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
cert-manager-post-installation-setup.rst Editorial updates on Security Guide upstream 2021-06-02 12:28:10 -03:00
configure-docker-registry-certificate-after-installation-c519edbfe90a.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-horizon-user-lockout-on-failed-logins.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-http-and-https-ports-for-horizon-using-the-cli.rst Update Security 2021-04-01 16:02:36 -04:00
configure-kubernetes-client-access.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system.rst Updated OIDC app docs 2024-01-29 19:14:14 -03:00
configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system.rst Updated OIDC app docs 2024-01-29 19:14:14 -03:00
configure-local-cli-access.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-oidc-auth-applications.rst Fixing issues in include 2024-02-28 18:11:21 +00:00
configure-remote-cli-access.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
configure-rest-api-apps-and-web-admin-server-certs-after-inst-6816457ab95f.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-the-keystone-token-expiration-time.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-users-groups-and-authorization.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
configure-vault-using-the-cli.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-vault.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
connect-to-container-registries-through-a-firewall-or-proxy.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
create-certificates-locally-using-cert-manager-on-the-controller.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
create-certificates-locally-using-openssl.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
create-ldap-linux-accounts.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
create-ldap-linux-groups-4c94045f8ee0.rst Add doc to create and manage LDAP Linux groups 2024-02-08 18:33:46 +00:00
cve-maintenance-723cd9dd54b3.rst Updated CVSS v3.x 2023-06-26 19:54:39 +00:00
dc-admin-endpoint-certificates-8fe7adf3f932.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
delete-ldap-linux-accounts-7de0782fbafd.rst Update procedure for deleting ldap user (r8,dsR8) 2024-03-07 13:42:53 +00:00
deprovision-ldap-server-authentication.rst Updated OIDC app docs 2024-01-29 19:14:14 -03:00
disable-pod-security-policy-checking.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
enable-apparmor-log-bb600560d794.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
enable-disable-apparmor-on-a-host-63a7a184d310.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
enable-disable-apparmor-on-a-host-using-horizon-a318ab726396.rst Changes for OS Level Access Controls with AppArmor (dsR8) 2023-05-02 15:20:45 -03:00
enable-https-access-for-starlingx-rest-and-web-server-endpoints.rst Replaced relase version to nn.nn 2021-06-14 20:16:28 -03:00
enable-pod-security-policy-checking.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
enable-public-use-of-the-cert-manager-acmesolver-image.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
enable-the-use-of-cert-manager-apis-by-an-arbitrary-user.rst Security guide update 2021-03-12 15:10:40 -05:00
enable-use-of-cert-manager-acmesolver-image-in-a-particular-namespace.rst Replace container tags 2023-01-30 10:19:18 -05:00
encrypt-kubernetes-secret-data-at-rest.rst Security guide update 2021-03-12 15:10:40 -05:00
estabilish-credentials-for-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
establish-keystone-credentials-from-a-linux-account.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
etcd-certificates-c1fc943e4a9c.rst Spelling and typo fixes 2022-08-16 16:19:27 -04:00
firewall-port-overrides.rst Security guide update 2021-03-12 15:10:40 -05:00
https-access-overview.rst Certificate changes from R8 fixed in master 2023-11-03 13:17:37 +00:00
index-security-kub-81153c1254c3.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
install-portieris.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
install-security-profiles-operator-1b2f9a0f0108.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
install-the-kubernetes-dashboard.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
install-update-the-starlingx-rest-and-web-server-certificate.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
install-vault.rst vault chart version. 2023-12-11 03:13:30 +00:00
keystone-account-authentication.rst Security guide update 2021-03-12 15:10:40 -05:00
keystone-account-roles-64098d1abdc1.rst Support for reader role: creation of a new doc 2022-12-09 10:17:32 -03:00
keystone-accounts.rst Support for reader role: creation of a new doc 2022-12-09 10:17:32 -03:00
keystone-security-compliance-configuration-b149adca6a7f.rst Platform keystone password rule configuration 2021-11-23 10:28:19 -03:00
kubernetes-certificates-f4196d7cae9c.rst HTTPS cert updates 2023-07-24 11:51:39 +00:00
kubernetes-cli-from-local-ldap-linux-account-login.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
kubernetes-operator-command-logging-663fce5d74e7.rst Security Audit Logging of K8S API 2022-06-23 10:35:27 -03:00
kubernetes-root-ca-certificate-update-cloud-orchestration-a627f9d02d6d.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
kubernetes-root-ca-certificate.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
local-ldap-certificates-4e1df1e39341.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
local-ldap-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
manage-keystone-accounts.rst Updated references in "Manage Keystone Accounts" 2021-10-22 21:42:22 +00:00
manage-local-ldap-39fe3a85a528.rst Update and fix LDAP playbook documentation 2023-07-18 17:30:42 -03:00
manual-kubernetes-root-ca-certificate-update-8e9df2cd7fb9.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.rst Cert-manager migration playbook rename 2024-01-19 20:37:36 +00:00
oidc-client-dex-server-certificates-dc174462d51a.rst Cert-Manager Use for StarlingX Platform Services 2021-12-14 11:30:07 -05:00
one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused HTTPS cert updates 2023-07-24 11:51:39 +00:00
operator-command-logging.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
operator-login-authentication-logging.rst Update Log File Path for Horizon (dsR8) 2023-10-31 13:31:31 +00:00
overview-of-ldap-servers.rst Updated OIDC app docs 2024-01-29 19:14:14 -03:00
overview-of-system-accounts.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
overview-of-uefi-secure-boot.rst Security guide update 2021-03-12 15:10:40 -05:00
password-recovery-for-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
password-recovery.rst Quotation include file fixing 2024-02-14 16:00:53 +00:00
pod-security-admission-controller-8e9e6994100f.rst Update Pod Security Admission Controller for k8s 1.24 2022-12-07 18:05:50 -03:00
pod-security-policies.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
portieris-clusterimagepolicy-and-imagepolicy-configuration.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
portieris-overview.rst Removed warning about Portieris on Kubernetes 1.22 and 1.23 (r8, dsr8) 2024-02-27 17:26:06 +00:00
portieris-server-certificate-a0c7054844bd.rst Portieris Server Certificate Renewal Policy (r6,dsR6) 2022-08-31 20:09:43 +00:00
private-namespace-and-restricted-rbac.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
profile-management-a8df19c86a5d.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
remote-access-for-linux-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
remote-access-index.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
remote-windows-active-directory-accounts.rst Updated OIDC app docs 2024-01-29 19:14:14 -03:00
remove-portieris.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
remove-vault.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
resource-management.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-access-the-gui.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
security-cert-manager.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-configure-container-backed-remote-clis-and-clients.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
security-default-firewall-rules.rst Input for L3 Firewall for all WRCP Platform Interfaces (dsr8) 2023-09-22 11:43:48 +00:00
security-feature-configuration-for-spectre-and-meltdown.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-firewall-options.rst Input for L3 Firewall for all WRCP Platform Interfaces (dsr8) 2023-09-22 11:43:48 +00:00
security-install-kubectl-and-helm-clients-directly-on-a-host.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
security-install-update-the-docker-registry-certificate-deprecated.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
security-rest-api-access.rst Security guide update 2021-03-12 15:10:40 -05:00
security-vault-overview.rst Merge "Vault updates (r8,dsR8)" 2023-04-19 20:31:06 +00:00
sssd-support-5fb6c4b0320b.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
starlingx-openstack-kubernetes-from-stsadmin-account-login.rst Updates on Certificate Management (pick) 2021-11-09 17:54:11 -03:00
starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst Cert-manager migration playbook rename 2024-01-19 20:37:36 +00:00
starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
starlingx-system-accounts-system-account-password-rules.rst Quotation include file fixing 2024-02-14 16:00:53 +00:00
the-cert-manager-bootstrap-process.rst Platform Application Components updates ingress-nginx 2022-06-23 09:41:59 -03:00
the-sysadmin-account.rst Generic CentOS > Debian updates 2022-12-15 21:14:05 +00:00
types-of-system-accounts.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
update-renew-kubernetes-certificates-52b00bd0bdae.rst Updates on K8S Root CA Certificate managed by cert-manager 2021-12-13 01:33:32 -03:00
use-uefi-secure-boot.rst Reformat file (r8, r7, r6. r5, dsR8, dsR7, dsR6) 2023-08-11 14:01:21 +00:00
using-container-backed-remote-clis-and-clients.rst Review K8s local and remote auth instructions (cherry pick to stx 9.0) 2024-03-11 10:51:09 -03:00
utility-script-to-display-certificates.rst HTTPS cert updates 2023-07-24 11:51:39 +00:00
vault-server-certificate-8573125eeea6.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00