Security controls to configure and secure the OCP container

1. Basic Security Measures:

  • Scan container images for vulnerabilities.
  • Enable Role-Based Access Control (RBAC).
  • Run application containers as non-root.

2. A Kubernetes cluster consists of many components (control plane, master nodes, worker nodes, pods), and it is secured with the following native security controls:

  • Securing Kubernetes hosts - Out of the box, the cluster is built to be customizable rather than locked down; the user must turn on certain functionality to secure it.
  • Control network access to sensitive ports (API server, etcd and kubelet ports).
  • Limit direct access to Kubernetes nodes (SSH and console access).
  • Control access to the Kubernetes API.
  • Use Transport Layer Security - Traffic between the API server and the cluster components is encrypted with TLS by default; pod-to-pod traffic is not, unless a service mesh or an encrypting CNI provides it.
  • API authentication - Kubernetes has built-in mechanisms for authenticating requests to the API server (client certificates, bearer tokens, OIDC).
  • API authorization - RBAC regulates access to cluster resources based on the roles of individual users and service accounts within your organization.
  • Restrict access to etcd - etcd is the critical component that stores cluster state and secrets; it is protected separately from the rest of the cluster (TLS with client certificate authentication, access limited to the API server, and encryption of secrets at rest).
  • Control access to the kubelet - The kubelet exposes HTTPS endpoints; secure them by enabling kubelet authentication and authorization and disabling anonymous access.

3. Ensure that only authorized images are used in your environment. From a MAS 8 or MAS 9 point of view, all images are pulled from IBM's entitled registry using the entitlement key.

  • Use a trusted container registry and an image scanner to identify vulnerabilities.
  • Use minimal base images and avoid unnecessary components. Again, MAS always pulls its images based on the entitlement key.
  • Implement continuous security vulnerability scanning.
  • Assess the privileges used by containers (privileged mode, added capabilities, running as root, shared host namespaces).
  • Define audit policies.
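The following script is an added example, not part of the original post or of any IBM/OpenShift tooling. It turns the controls from sections 1 to 3 (non-root containers, container privileges, authorized and pinned images, RBAC that does not expose the API to unauthenticated subjects) into checks that run offline against manifests expressed as plain Python dicts, the shape `oc get -o json` or `yaml.safe_load()` would give. The sample manifests are constructed, the image path `cp.icr.io/cp/mas/example-app` is illustrative, and treating `cp.icr.io/` as the only allowed registry is an assumption about where MAS entitled images come from.

```python
"""Audit pod and RBAC manifests against the controls listed above (added example)."""
from typing import Dict, List

# Assumption: MAS images are pulled from IBM's entitled registry with the entitlement key.
ALLOWED_REGISTRIES = ("cp.icr.io/",)
# Capabilities that amount to host-level or container-escape privilege.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}
# Subjects that mean "anyone who can reach the API server".
UNAUTHENTICATED = {"system:anonymous", "system:unauthenticated"}


def image_is_pinned(image: str) -> bool:
    """True if the image reference carries a digest or a tag other than :latest."""
    ref = image.rsplit("/", 1)[-1]  # strip registry host and repository path
    if "@sha256:" in ref:
        return True
    return ":" in ref and not ref.endswith(":latest")


def audit_pod(pod: Dict) -> List[str]:
    """Return one finding per weak setting; an empty list means the pod passes."""
    findings: List[str] = []
    name = pod["metadata"]["name"]
    spec = pod["spec"]
    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        findings.append(f"{name}: shares a host network/PID/IPC namespace")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = f"{name}/{c['name']}"
        image = c.get("image", "")
        if not image.startswith(ALLOWED_REGISTRIES):
            findings.append(f"{cname}: image {image} is not from an allowed registry")
        if not image_is_pinned(image):
            findings.append(f"{cname}: image {image} is not pinned to a tag or digest")
        sc = {**pod_sc, **c.get("securityContext", {})}  # container level overrides pod level
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(f"{cname}: allowPrivilegeEscalation is not false")
        if not sc.get("runAsNonRoot") and sc.get("runAsUser") in (None, 0):
            findings.append(f"{cname}: may run as root (runAsNonRoot unset, runAsUser unset or 0)")
        added = set(sc.get("capabilities", {}).get("add", []))
        if added & DANGEROUS_CAPS:
            findings.append(f"{cname}: adds capabilities {sorted(added & DANGEROUS_CAPS)}")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{cname}: root filesystem is writable")
    return findings


def audit_binding(binding: Dict, roles: Dict[str, Dict]) -> List[str]:
    """Flag bindings that hand wildcard access to unauthenticated subjects."""
    findings: List[str] = []
    name = binding["metadata"]["name"]
    for subj in binding.get("subjects", []):
        if subj.get("name") in UNAUTHENTICATED:
            findings.append(f"{name}: binds {subj['name']}")
    role_name = binding["roleRef"]["name"]
    for rule in roles.get(role_name, {}).get("rules", []):
        if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
            findings.append(f"{name}: role {role_name} grants * on *")
    return findings


# Constructed sample manifests (not taken from a real cluster).
WEAK_POD = {
    "metadata": {"name": "weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "app",
            "image": "docker.io/library/nginx:latest",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}
HARDENED_POD = {
    "metadata": {"name": "hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 1001},
        "containers": [{
            "name": "app",
            # Illustrative image path; a real MAS image would be pinned the same way.
            "image": "cp.icr.io/cp/mas/example-app@sha256:" + "0" * 64,
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}
ROLES = {"god-mode": {"rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}}
OPEN_BINDING = {
    "metadata": {"name": "open-to-world"},
    "subjects": [{"kind": "Group", "name": "system:unauthenticated"}],
    "roleRef": {"kind": "ClusterRole", "name": "god-mode"},
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        for line in audit_pod(pod) or [f"{pod['metadata']['name']}: OK"]:
            print(line)
    for line in audit_binding(OPEN_BINDING, ROLES):
        print(line)
```

The weak pod produces eight findings (host network, untrusted and unpinned image, privileged, privilege escalation allowed, possible root, SYS_ADMIN added, writable root filesystem); the hardened pod produces none, and the binding is flagged twice, once for the unauthenticated subject and once for the wildcard role. In an OpenShift cluster the same checks can be fed real objects by piping `oc get pods -A -o json` into the script; the dict shapes used here are the ones that output has.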
