98d01b5049
Conditionalized use of "Contents" heading in Kubernetes and OpenStack subindexes. Make "Contents" a common include, overwritable per book Conditionally pull in kubernetes and OpenStack descriptions from each book index to kubernetes/index and openstack/index for partner use Deleted index.rs1 topics from DITA import Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I857a1dbb567a0bf609b449e8260b2f8801a339fb Signed-off-by: Ron Stone <ronald.stone@windriver.com>
53 lines
856 B
ReStructuredText
53 lines
856 B
ReStructuredText
========
|
|
Security
|
|
========
|
|
|
|
----------
|
|
Kubernetes
|
|
----------
|
|
|
|
.. kub-begin
|
|
|
|
|prod-long| security encompasses a broad number of features.
|
|
|
|
.. _overview-of-starlingx-security-ul-ezc-k5f-p3b:
|
|
|
|
- |TLS| support on all external interfaces
|
|
|
|
- Kubernetes service accounts and |RBAC| policies for authentication and
|
|
authorization of Kubernetes API / CLI / GUI
|
|
|
|
- Encryption of Kubernetes Secret Data at Rest
|
|
|
|
- Keystone authentication and authorization of StarlingX API / CLI / GUI
|
|
|
|
- Barbican is used to securely store secrets such as BMC user passwords
|
|
|
|
- Networking policies / Firewalls on external APIs
|
|
|
|
- |UEFI| secureboot
|
|
|
|
- Signed software updates
|
|
|
|
.. kub-end
|
|
|
|
Contents:
|
|
---------
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
kubernetes/index
|
|
|
|
---------
|
|
OpenStack
|
|
---------
|
|
|
|
.. os-begin
|
|
|
|
.. os-end
|
|
|
|
.. toctree::
|
|
:maxdepth: 2
|
|
|
|
openstack/index |