3c5fa979a4
Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
35 lines
704 B
ReStructuredText
35 lines
704 B
ReStructuredText
========
|
|
Security
|
|
========
|
|
|
|
----------
|
|
Kubernetes
|
|
----------
|
|
|
|
|prod-long| security encompasses a broad number of features.
|
|
|
|
|
|
.. _overview-of-starlingx-security-ul-ezc-k5f-p3b:
|
|
|
|
- |TLS| support on all external interfaces
|
|
|
|
- Kubernetes service accounts and |RBAC| policies for authentication and
|
|
authorization of Kubernetes API / CLI / GUI
|
|
|
|
- Encryption of Kubernetes Secret Data at Rest
|
|
|
|
- Keystone authentication and authorization of StarlingX API / CLI / GUI
|
|
|
|
- Barbican is used to securely store secrets such as BMC user passwords
|
|
|
|
- Networking policies / Firewalls on external APIs
|
|
|
|
- |UEFI| secureboot
|
|
|
|
- Signed software updates
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
kubernetes/index
|