starlingx
/
docs
Code Issues Proposed changes
docs/doc/source/security/kubernetes
History
Ngairangbam Mili 93e265fbf3 Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 
Added "sudo" and "sys_protected" privileges support for LDAP servers accessed using SSSD service

Story: 2010589
Task: 49410

Change-Id: Ia05edc04feb465c1b59a2a1e4cff26218b144788
Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
 		2024-02-28 15:30:12 +00:00
..
figures Changes for OS Level Access Controls with AppArmor (dsR8) 2023-05-02 15:20:45 -03:00
about-apparmor-ebdab8f1ed87.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
about-keystone-accounts.rst Updated references in "Manage Keystone Accounts" 2021-10-22 21:42:22 +00:00
add-a-trusted-ca.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
alarm-expiring-soon-and-expired-certificates-baf5b8f73009.rst Implement alarm parsing 2022-11-18 11:34:27 -05:00
apply-a-profile-to-a-pod-c2fa4d958dec.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
assign-pod-security-policies.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
auditd-support-339a51d8ce16.rst Added auditd include File 2022-02-17 12:42:33 -05:00
authentication-of-software-delivery.rst Update Security 2021-04-01 16:02:36 -04:00
author-apparmor-profiles-b02de0a22771.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
centralized-oidc-authentication-setup-for-distributed-cloud.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
cert-manager-post-installation-setup.rst Editorial updates on Security Guide upstream 2021-06-02 12:28:10 -03:00
configure-docker-registry-certificate-after-installation-c519edbfe90a.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-horizon-user-lockout-on-failed-logins.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-http-and-https-ports-for-horizon-using-the-cli.rst Update Security 2021-04-01 16:02:36 -04:00
configure-kubectl-with-a-context-for-the-user.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-kubernetes-for-oidc-token-validation-after-bootstrapping-the-system.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-kubernetes-for-oidc-token-validation-while-bootstrapping-the-system.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-local-cli-access.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-oidc-auth-applications.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-remote-cli-access.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-remote-helm-client-for-non-admin-users.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-rest-api-apps-and-web-admin-server-certs-after-inst-6816457ab95f.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
configure-the-keystone-token-expiration-time.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-users-groups-and-authorization.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-vault-using-the-cli.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
configure-vault.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
connect-to-container-registries-through-a-firewall-or-proxy.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
create-an-admin-type-service-account.rst Update KubeVirt Windows VM 2022-12-21 07:19:46 -05:00
create-certificates-locally-using-cert-manager-on-the-controller.rst Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 2023-11-07 15:03:24 +00:00
create-certificates-locally-using-openssl.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
create-ldap-linux-accounts.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
cve-maintenance-723cd9dd54b3.rst Updated CVSS v3.x 2023-06-26 19:54:39 +00:00
dc-admin-endpoint-certificates-8fe7adf3f932.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
delete-ldap-linux-accounts-7de0782fbafd.rst Procedure for deleteing a ldap user (r8,dsR8) 2023-11-28 19:29:23 +00:00
deprovision-windows-active-directory-authentication.rst Updated OIDC service parameter names 2022-11-18 16:02:05 -03:00
disable-pod-security-policy-checking.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
enable-apparmor-log-bb600560d794.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
enable-disable-apparmor-on-a-host-63a7a184d310.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
enable-disable-apparmor-on-a-host-using-horizon-a318ab726396.rst Changes for OS Level Access Controls with AppArmor (dsR8) 2023-05-02 15:20:45 -03:00
enable-https-access-for-starlingx-rest-and-web-server-endpoints.rst Replaced relase version to nn.nn 2021-06-14 20:16:28 -03:00
enable-pod-security-policy-checking.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
enable-public-use-of-the-cert-manager-acmesolver-image.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
enable-the-use-of-cert-manager-apis-by-an-arbitrary-user.rst Security guide update 2021-03-12 15:10:40 -05:00
enable-use-of-cert-manager-acmesolver-image-in-a-particular-namespace.rst Replace container tags 2023-01-30 10:19:18 -05:00
encrypt-kubernetes-secret-data-at-rest.rst Security guide update 2021-03-12 15:10:40 -05:00
estabilish-credentials-for-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
establish-keystone-credentials-from-a-linux-account.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
etcd-certificates-c1fc943e4a9c.rst Spelling and typo fixes 2022-08-16 16:19:27 -04:00
firewall-port-overrides.rst Security guide update 2021-03-12 15:10:40 -05:00
https-access-overview.rst Certificate changes from R8 fixed in master 2023-11-03 13:17:37 +00:00
index-security-kub-81153c1254c3.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
install-portieris.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
install-security-profiles-operator-1b2f9a0f0108.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
install-the-kubernetes-dashboard.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
install-update-the-starlingx-rest-and-web-server-certificate.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
install-vault.rst vault chart version. 2023-12-11 03:13:30 +00:00
keystone-account-authentication.rst Security guide update 2021-03-12 15:10:40 -05:00
keystone-account-roles-64098d1abdc1.rst Support for reader role: creation of a new doc 2022-12-09 10:17:32 -03:00
keystone-accounts.rst Support for reader role: creation of a new doc 2022-12-09 10:17:32 -03:00
keystone-security-compliance-configuration-b149adca6a7f.rst Platform keystone password rule configuration 2021-11-23 10:28:19 -03:00
kube-service-account.rst Editorial updates on Security Guide upstream 2021-06-02 12:28:10 -03:00
kubernetes-certificates-f4196d7cae9c.rst HTTPS cert updates 2023-07-24 11:51:39 +00:00
kubernetes-cli-from-local-ldap-linux-account-login.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
kubernetes-operator-command-logging-663fce5d74e7.rst Security Audit Logging of K8S API 2022-06-23 10:35:27 -03:00
kubernetes-root-ca-certificate-update-cloud-orchestration-a627f9d02d6d.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
kubernetes-root-ca-certificate.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
local-ldap-certificates-4e1df1e39341.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
local-ldap-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
manage-keystone-accounts.rst Updated references in "Manage Keystone Accounts" 2021-10-22 21:42:22 +00:00
manage-local-ldap-39fe3a85a528.rst Update and fix LDAP playbook documentation 2023-07-18 17:30:42 -03:00
manual-kubernetes-root-ca-certificate-update-8e9df2cd7fb9.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.rst Recommend 'localhost' always to be targeted by cert-manager migration playbook's execution (rs8, ds8) 2023-11-13 09:25:09 +00:00
obtain-the-authentication-token-using-the-browser.rst Update Security 2021-04-01 16:02:36 -04:00
obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst OIDC script updates 2022-01-10 14:05:58 -05:00
oidc-client-dex-server-certificates-dc174462d51a.rst Cert-Manager Use for StarlingX Platform Services 2021-12-14 11:30:07 -05:00
one-single-root-ca-multiple-server-client-certificates-0692df6ce16d.unused HTTPS cert updates 2023-07-24 11:51:39 +00:00
operator-command-logging.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
operator-login-authentication-logging.rst Update Log File Path for Horizon (dsR8) 2023-10-31 13:31:31 +00:00
overview-of-system-accounts.rst Procedure for deleteing a ldap user (r8,dsR8) 2023-11-28 19:29:23 +00:00
overview-of-uefi-secure-boot.rst Security guide update 2021-03-12 15:10:40 -05:00
overview-of-windows-active-directory.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
password-recovery-for-linux-user-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
password-recovery.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
pod-security-admission-controller-8e9e6994100f.rst Update Pod Security Admission Controller for k8s 1.24 2022-12-07 18:05:50 -03:00
pod-security-policies.rst Adding note of PSP removal from the project documentation 2023-07-17 08:35:10 -04:00
portieris-clusterimagepolicy-and-imagepolicy-configuration.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
portieris-overview.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
portieris-server-certificate-a0c7054844bd.rst Portieris Server Certificate Renewal Policy (r6,dsR6) 2022-08-31 20:09:43 +00:00
private-namespace-and-restricted-rbac.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
profile-management-a8df19c86a5d.rst AppArmor Support (dsR8) 2023-04-25 15:53:17 -03:00
remote-access-for-linux-accounts.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
remote-access-index.rst Added content related to Helm v3 2021-05-12 11:36:53 -03:00
remote-windows-active-directory-accounts.rst Updates on Certificate Management (pick) 2021-11-09 17:54:11 -03:00
remove-portieris.rst Platform Application Components Up-version - Portieris (dsR8) 2023-05-05 11:10:41 -03:00
remove-vault.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
resource-management.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-access-the-gui.rst Fix broken links (dsR8) 2023-10-05 21:27:32 +00:00
security-cert-manager.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-configure-container-backed-remote-clis-and-clients.rst Replace |prod| (r8, r7, r6, dsR8, dsR7, dsR6) 2023-10-30 15:55:23 +00:00
security-default-firewall-rules.rst Input for L3 Firewall for all WRCP Platform Interfaces (dsr8) 2023-09-22 11:43:48 +00:00
security-feature-configuration-for-spectre-and-meltdown.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
security-firewall-options.rst Input for L3 Firewall for all WRCP Platform Interfaces (dsr8) 2023-09-22 11:43:48 +00:00
security-install-kubectl-and-helm-clients-directly-on-a-host.rst KubeVirt/CDI introduction 2022-12-16 19:32:48 -05:00
security-install-update-the-docker-registry-certificate-deprecated.rst Added RSA Key length (dsr8) 2023-06-28 04:44:19 +00:00
security-rest-api-access.rst Security guide update 2021-03-12 15:10:40 -05:00
security-vault-overview.rst Merge "Vault updates (r8,dsR8)" 2023-04-19 20:31:06 +00:00
sssd-support-5fb6c4b0320b.rst Local/WAD ldap users sudo and local linux group assignment (stx 9.0) 2024-02-28 15:30:12 +00:00
starlingx-openstack-kubernetes-from-stsadmin-account-login.rst Updates on Certificate Management (pick) 2021-11-09 17:54:11 -03:00
starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst HTTPS cert updates 2023-07-24 11:51:39 +00:00
starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
starlingx-system-accounts-system-account-password-rules.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
the-cert-manager-bootstrap-process.rst Platform Application Components updates ingress-nginx 2022-06-23 09:41:59 -03:00
the-sysadmin-account.rst Generic CentOS > Debian updates 2022-12-15 21:14:05 +00:00
types-of-system-accounts.rst Editorial updates on Security Guide upstream 2021-06-02 12:28:10 -03:00
update-renew-kubernetes-certificates-52b00bd0bdae.rst Updates on K8S Root CA Certificate managed by cert-manager 2021-12-13 01:33:32 -03:00
use-uefi-secure-boot.rst Reformat file (r8, r7, r6. r5, dsR8, dsR7, dsR6) 2023-08-11 14:01:21 +00:00
using-container-backed-remote-clis-and-clients.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00
utility-script-to-display-certificates.rst HTTPS cert updates 2023-07-24 11:51:39 +00:00
vault-server-certificate-8573125eeea6.rst Remove spurious escapes (r8,dsR8) 2023-03-01 11:19:04 +00:00