As you define, build, and run your OpenShift Container Platform cluster, you should be aware of the rich security features available for your installation. We have curated a list of security- and compliance-focused resources on topics from configuring FIPS to using the Compliance Operator on the Power Platform. We plan to update the list as new content is developed, so follow this blog (click the little star up above) to make sure you receive notifications when we do.
The OpenShift Container Platform supports many security and compliance features; you can read about them on the documentation site. You can learn about OpenShift Container Platform 4.x Tested Integrations for ppc64le and see which features are tested and available for your cluster.
FIPS (powervm upi) (powervs upi) (blog) covers how to turn on FIPS compatibility mode.
LUKS/NBDE (powervm upi) (powervs upi) (blog) covers encryption concepts, how to set up an external Tang cluster on IBM PowerVS, how to set up a cluster on IBM PowerVS, and how to confirm the encrypted disk setup.
Terraform Automation for NBDE/LUKS - (powervs) (powervm) supports deploying an external Tang server on PowerVS and PowerVM.
etcd encryption (blog) covers encrypting a subset of resources in the etcd data store on OpenShift and how to go through some common operations related to etcd management when it’s encrypted.
TLS Profiles (blog) covers setting up TLS inside OpenShift and verifying the settings.
seccomp (blog) covers the ins and outs of configuring the seccomp profile, and tells you why you should care and how you can configure it with your workload.
Security Context Constraints (blog) covers key things the author learned from using Security Context Constraints.
Secure Attached Storage (blog) covers restricting the use of NFS mounts and securing the attached storage on OCP.
Authentication Providers (blog) covers using and configuring one of the many Authentication Providers for external auth in OCP.
Compliance Operator (blog) dives into configuring a compliance cluster with recipes to enable proper configuration.
Support Standards – CIS, PCI-DSS and more … dives into the PCI-DSS profile with the Compliance Operator.
Tools – oc-compliance
File Integrity Operator (blog) dives into using and managing file access and changes on a cluster.
The Security and Compliance Squad thanks you and looks forward to further updates.
Please drop a note in the comments section below (you need to join the community to comment) and tell us what other topics you'd like us to cover and/or provide your valuable feedback.
We are continuing to update this blog as we develop more content, so click Follow above to get notifications when we do.