Skip to main content

Security controls to configure and secure the OCP container

Security controls to configure and secure the OCP container

1. Basic Security Measures:

  • Scanning Container images for Vulnerabilities.
  • Enabling Role-Based Access Control (RBAC) Running Application Containers as non-root.

2. A Kubernetes cluster consists of many components like Control Panel, Master Nodes, Worker Nodes, Pods, and it will be secured by following native security controls:

  • Securing Kubernetes Hosts - OOB to be customizable and user must turn on certain functionality to secure the cluster.
  • Control Network Access to Sensitive Ports.
  • Limit direct access to Kubernetes Nodes.
  • Controlling Access to the Kubernetes API.
  • Use Transport Layer Security - It will encrypt all traffic by default.
  • API Authentication - It has inbuilt mechanism for API server authentication.
  • APl Authorization - RBAC is a method of regulating access to network or cluster based on the roles of individual users within your organization.
  • Restrict access to Etcd - etcd is critical component which stores information on state and secrets, it will be protected differently from the rest of the cluster using in-built mechanism.
  • Control Access to the Kubelet - Kubelet exposes HTTPS endpoints, and it can be secured by enabling Kubelet authentication and authorization.

3. Ensure that only authorized images are used in your environment. In MAS 8 or MAS 9 point of view, it will fetch all images based on entitlement key.

  • Use container registry and the use of an image scanner to identify vulnerabilities.
  • Use minimal base images and avoid unnecessary components. Again, it always pulls images based on Entitlement Key.
  • Implement continuous Security Vulnerabilities scanning.
  • Access the privileges used by containers.
  • Define audit policies.

Comments

Post a Comment

Popular posts from this blog

Key Roles and Career Opportunities in IBM Maximo and Maximo Application Suite (MAS 8)

Exploring Roles in the Maximo and MAS 8: Maximo Functional Consultant Key Responsibilities : Understand and document stakeholders needs. Customize Maximo/MAS for client requirements. Create workflows, reports, and user interfaces. Train and support end-users. Test configurations and troubleshoot issues Career Path :   Senior Functional Consultant, Solution Architect, Project Manager Maximo Technical Consultant Key Responsibilities: Install, configure, and upgrade Maximo and MAS. Perform system integrations with other enterprise applications. Configure and customize Maximo/MAS applications using Java, Python, and scripting. Optimize system performance and ensure reliability. Provide technical support and troubleshooting. Career Path: Senior Technical Consultant, Technical Lead, MAS/Maximo Architect MAS Specialist Key Responsibilities: Implement and configure MAS 8. Work with OpenShift and Cloud platforms for MAS deployment. Optimize MAS solutions for specific client needs. Monitor a...
Post a Comment
Read more

Maximo vs Maximo Application Suite 8 Vs Maximo Application Suite 9

Maximo 7.6.1.3 vs MAS 8 Vs MAS 9 User Interface Maximo 7.6.1.3 : Classic UI with traditional navigation and layout. MAS 8 : Common user interface with updated navigation, including slide-out menus and quick launch options. MAS 9 : Enhanced user interface with improved navigation, multi-page dashboards, and more intuitive design. Architecture Maximo 7.6.1.3 : Traditional architecture with on-premises deployment. MAS 8 : Transition to Kubernetes container platform for more scalable and flexible deployment. MAS 9 : Improved Kubernetes platform with better resource management and scalability. Licensing Model Maximo 7.6.1.3 : Named license model with fixed user licenses. MAS 8 : Introduction of AppPoints, a flexible licensing model based on application usage. MAS 9 : Enhanced AppPoints model with more flexibility and options for different user roles. Asset Management Products Maximo 7.6.1.3 : Multiple EAM products bundled in one suite. MAS 8 : Expanded EAM products with additional features ...
2 comments
Read more

Automation Script (Action Launch Point) - Extracting 16-Digit Numbers with Specific Patterns

Automation Script - Extracting 16-Digit Numbers with Specific Patterns Set the escalation to read the script. The script takes input from the Long Description, finds the 16-digit numbers from that string with the mentioned pattern, and then sets those numbers to the Summary (in the SR application) Step 1: Create script with action launch point having two variables (IN, OUT).          Script Code       --------------       # Find 16 Digit numbers from Long Description and Set all 16 Digit Numbers in Summary           from java.lang import Runtime from java.util.regex import Matcher from java.util.regex import Pattern descript='' longdesc1='' # Find the patterns of 16 Digit numbers from String and Set that 16 digit numbers into summary pp1 = Pattern.compile("((\d{4})-(\d{4})-(\d{4})-(\d{4}))|((\d{4}) (\d{4}) (\d{4}) (\d{4}))|(\\b\\d{16}\\b)" ) m1= pp1.matcher(longdesc) while(m1.find()):  longdesc1=...
Post a Comment
Read more