Version 4 0 #1639

Closed
wants to merge 68 commits into from
68 commits
60a5905
ci: added comments to Makefile (#1489) (#1490)
github-actions[bot] Aug 28, 2023
9b94eca
docs: updated fips page (#1491) (#1494)
github-actions[bot] Aug 29, 2023
6826a93
Remove the 1st occurrence of the OVA PCG video (#1493) (#1497)
github-actions[bot] Aug 29, 2023
a049154
docs: DOC-853 provide FIPS content (#1496) (#1498)
github-actions[bot] Aug 30, 2023
0965c4c
ci: added logic for backport PRs (#1499) (#1500)
github-actions[bot] Aug 30, 2023
07c4b7f
ci: added logic for backport PRs (#1501) (#1502)
github-actions[bot] Aug 30, 2023
7e455dc
ci: final fix to backport CI (#1503) (#1504)
github-actions[bot] Aug 30, 2023
bb71d06
Update VMO prereq (#1506)
cloudmaniac Aug 31, 2023
362d2ef
docs: Update 04.6-vm-management.md (#1507)
karl-cardenas-coding Aug 31, 2023
55e41c6
Merge branch 'version-4-0' of github.com:spectrocloud/librarium into …
karl-cardenas-coding Sep 1, 2023
d989205
Merge branch 'master' into version-4-0
karl-cardenas-coding Sep 1, 2023
bb48b22
chore: docusaurus migration :rocket
nagesh161007 Sep 3, 2023
35b8a87
Change edit URL (#1513)
nagesh161007 Sep 3, 2023
9b62174
New CVE's - Security Bulletin (#1510) (#1515)
github-actions[bot] Sep 5, 2023
631fa74
Feedback (#1514) (#1516)
github-actions[bot] Sep 5, 2023
40282b4
chore: fixed broken URLs (#1518) (#1519)
github-actions[bot] Sep 5, 2023
cf11649
Refactor MetalLB with Docusaurus (#1517) (#1520)
github-actions[bot] Sep 6, 2023
089031e
docs: backup and restore refactor (#1521)
github-actions[bot] Sep 6, 2023
6179de8
docs: DOC-823 update to MinIO steps (#1522) (#1523)
github-actions[bot] Sep 6, 2023
9206173
ci: updated to the backport flow (#1524) (#1525)
github-actions[bot] Sep 7, 2023
d3d8c59
docs: update default node repave interval value (#1529) (#1530)
github-actions[bot] Sep 9, 2023
9f775df
ci: added missing URL checker script (#1531) (#1532)
github-actions[bot] Sep 11, 2023
aee0ea5
Document 4.0.7 & 4.0.8 hotfixes in Release Notes (#1533) (#1534)
github-actions[bot] Sep 11, 2023
f1990e9
Document serviceDomain parameter in k8s config: PCP-935 (#1527) (#1537)
github-actions[bot] Sep 11, 2023
dc96161
chore: updated gitignore
karl-cardenas-coding Sep 12, 2023
e98146f
Fix Download cluster logs URL in troubleshooting.md (#1535) (#1538)
github-actions[bot] Sep 12, 2023
33bca0e
chore: redirect for eks-d
karl-cardenas-coding Sep 12, 2023
94e332f
docs: palette-cli URL update (#1541)
github-actions[bot] Sep 12, 2023
898c6ef
docsL updates (#1544)
github-actions[bot] Sep 12, 2023
39b5cad
docs: update registries-and-packs.md (#1545)
github-actions[bot] Sep 13, 2023
5f517c5
chore: removed note calloutboxes (#1549) (#1550)
github-actions[bot] Sep 14, 2023
ae5d42c
Document action needed in Palette if Vcntr pwd changes: doc-866 (#154…
github-actions[bot] Sep 15, 2023
a6217af
docs: Update palette-public-ips.md (#1553) (#1554)
github-actions[bot] Sep 15, 2023
3040fb2
Update add-roles-and-role-bindings.md (#1555) (#1556)
github-actions[bot] Sep 15, 2023
c536dbd
docs: updated URLs to use file path context (#1559)
github-actions[bot] Sep 16, 2023
12e3733
[version-4-0] chore: released docs versioning (#1560)
github-actions[bot] Sep 17, 2023
858a8e3
ci: version branch fix
karl-cardenas-coding Sep 17, 2023
cf788f0
ci: added version prefix in label
karl-cardenas-coding Sep 17, 2023
fc56740
docs: url updates (#1563) (#1564)
github-actions[bot] Sep 19, 2023
997b752
ci: updates to the CI flow
karl-cardenas-coding Sep 19, 2023
07240ad
Merge branch 'version-4-0' of github.com:spectrocloud/librarium into …
karl-cardenas-coding Sep 19, 2023
9d15760
Update NotFound.module.scss (#1566) (#1569)
github-actions[bot] Sep 20, 2023
98641c7
docs: updated README and release concurrency (#1567) (#1571)
github-actions[bot] Sep 20, 2023
f2dfdc0
ci: adding missing commit (#1573) (#1574)
github-actions[bot] Sep 20, 2023
612db15
ci: backport PRs logic
karl-cardenas-coding Sep 20, 2023
da38875
chore: change Mendable AI widget asset url (#1575) (#1576)
github-actions[bot] Sep 20, 2023
18066e1
ci: updated branch PR logic (#1578) (#1580)
github-actions[bot] Sep 20, 2023
cf8bd6c
docs: repave clarifications (#1548) (#1582)
vault-token-factory-spectrocloud[bot] Sep 20, 2023
c79dc28
docs: release Notes for 4.0.13 patch release (#1562) (#1583)
vault-token-factory-spectrocloud[bot] Sep 20, 2023
7d64931
docs: update maintenance-policy.md (#1579) (#1585)
vault-token-factory-spectrocloud[bot] Sep 20, 2023
a75b81f
ci: update to the backport post-PRs CI/CD (#1584) (#1587)
vault-token-factory-spectrocloud[bot] Sep 21, 2023
204d721
ci: updates to CI workflow (#1590) (#1591)
vault-token-factory-spectrocloud[bot] Sep 21, 2023
d03db55
Release note for 3.4.114 patch release (#1589) (#1593)
vault-token-factory-spectrocloud[bot] Sep 21, 2023
bb9fe71
ci: updated backport PR netlify logic (#1594) (#1595)
vault-token-factory-spectrocloud[bot] Sep 21, 2023
2631648
Fix sentence in deploy-virtual-cluster.md (#1599) (#1600)
vault-token-factory-spectrocloud[bot] Sep 23, 2023
a4e7493
Tiny doc fixes for edge (#1603) (#1605)
vault-token-factory-spectrocloud[bot] Sep 25, 2023
8645ddc
docs: remove warning label docs (#1604)
vault-token-factory-spectrocloud[bot] Sep 25, 2023
ec89859
ci: updated README and backport CI (#1606) (#1608)
vault-token-factory-spectrocloud[bot] Sep 25, 2023
ddcebce
docs: added missing API rate documentation (#1607) (#1610)
vault-token-factory-spectrocloud[bot] Sep 25, 2023
d2d99cf
docs: Update install-manage-maas-pcg examples (#1613) (#1614)
vault-token-factory-spectrocloud[bot] Sep 27, 2023
f6d4791
Document OIDC options for Spectro VM Dashboard: PEM-2283 (#1526) (#1618)
vault-token-factory-spectrocloud[bot] Sep 28, 2023
b7e23be
docs: fix virtual cluster text that used double infobox (#1617)
karl-cardenas-coding Sep 28, 2023
1ea9fe5
docs: update palette-cli version (#1619) (#1620)
vault-token-factory-spectrocloud[bot] Sep 28, 2023
6419cf8
docs: fix URL (#1622) (#1624)
vault-token-factory-spectrocloud[bot] Sep 28, 2023
a695fb5
chore: api version dropdown feature (#1627) (#1628)
vault-token-factory-spectrocloud[bot] Sep 29, 2023
f1eea9c
Update maintenance-policy.md (#1630) (#1631)
vault-token-factory-spectrocloud[bot] Oct 2, 2023
c691234
chore: updated privacy settings experience (#1635) (#1636)
vault-token-factory-spectrocloud[bot] Oct 3, 2023
c49dc1f
OIDC config for vclusters ppd 1328 (#1626) (#1638)
vault-token-factory-spectrocloud[bot] Oct 3, 2023
docs: DOC-853 provide FIPS content (#1496) (#1498)
* docs: DOC-853 provide FIPS content

* docs: updated the language

* Apply suggestions from code review

Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>

---------

Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
(cherry picked from commit cf9befb)

Co-authored-by: Karl Cardenas <karl@spectrocloud.com>
commit a0491544b0d33da9b7dbe5a67a1dc4873e78f8ae
123 changes: 113 additions & 10 deletions content/docs/12.5-vertex/00-fips/01-fips-compliant-components.md
@@ -46,25 +46,128 @@ Palette VerteX provides FIPS-compliant infrastructure components in Kubernetes c

All services in the management plane are FIPS compiled with Go using [BoringCrypto libraries](https://pkg.go.dev/crypto/internal/boring) and static linking. Refer to the [Spectro Cloud Cryptographic Module](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4349) resource to learn about our NIST certificate.

<br />

## FIPS-Compliant Kubernetes

Our customized version of Kubernetes is FIPS-compliant. Both [Palette eXtended Kubernetes (PXK)](/integrations/kubernetes) and [Palette eXtended Kubernetes-Edge (PXK-E)](/integrations/kubernetes-edge) are compiled with FIPS-compliant compiler and libraries.

<br />


<InfoBox>

Refer to the [Palette eXtended Kubernetes (PXK)](/integrations/kubernetes) and [Palette eXtended Kubernetes-Edge (PXK-E)](/integrations/kubernetes-edge) documentation to learn more about the each Kubernetes distribution.


</InfoBox>

All PXK and PXKE components and supporting open-source components are compiled in their native programming language using language specific FIPS-compliant libraries and static linking. If the component is not available in the form of a FIPS-compliant binary, we compile it with FIPS-compliant compiler and libraries. The following tables list the FIPS-compliant components in PXK and PXK-E:

<br />


### Core Kubernetes Components

| **Component** | **Description** |
| --- | --- |
| API Server | The API server is the central management entity that receives all REST requests for the cluster. |
| Controller Manager | The controller manager is a daemon that embeds the core control loops shipped with Kubernetes. |
| Scheduler | The scheduler is a daemon that finds the best node for a pod, based on the scheduling requirements you specify. |
| Kubelet | The kubelet is the primary *node agent* that is deployed on each node. |
| Kube-proxy | The kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. |
| Kubeadm | Kubeadm is a tool built to provide best-practice “fast paths” for creating Kubernetes clusters. |
| Kubectl | Kubectl is a command line interface for issuing commands against Kubernetes clusters. |


### Auxiliary Kubernetes Components

## Kubernetes
| **Component** | **Description** |
| --- | --- |
| CoreDNS | CoreDNS is a Domain Name System (DNS) server deployed as a cluster DNS service. |
| Etcd | Etcd is a distributed key-value store used as Kubernetes’ backing store for all cluster data. |
| Metrics Server | Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. |
| Ingress Controller| Nginx is used as the ingress controller. An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and Transport Layer Security (TLS) termination for Kubernetes services. |
| Nginx Server| The Nginx server is a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. |
| Nginx Ingress Controller| The Nginx ingress controller uses ConfigMap to store the Nginx configuration. |

Refer to the [Palette eXtended Kubernetes (PXK)](/integrations/kubernetes) and [Palette eXtended Kubernetes-Edge (PXK-E)](/integrations/kubernetes-edge) to learn about these security-hardened packs.

<!-- <br />
### Runtime Components

- Helm
- Open Container Initiative (OCI) Registry As Storage (ORAS)
- DevSpace open-source developer tool for Kubernetes
- Kubectl command line tool
- Kustomize to enable customizing YAML files
- Amazon Web Services (AWS) IAM Authenticator
- etcd -->
| **Component** | **Description** |
| --- | --- |
| containerd | Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness, and portability. |
| containerd-shim | Containerd-shim is a shim used by containerd to launch containers. |
| containerd-shim-runc-v1 | Containerd-shim-runc-v1 is a shim used by containerd to launch containers. |
| containerd-shim-runc-v2 | Containerd-shim-runc-v2 is a shim used by containerd to launch containers. |
| ctr| Ctr is a command line interface for containerd. |
| crictl | Crictl is a command line interface for CRI-compatible container runtimes. |
| runc | Runc is a CLI tool for spawning and running containers according to the OCI specification. |


### Container Network Interface Components

| **Component** | **Description** |
| --- | --- |
| Calico | Calico is a Container Network Interface plugin that provides networking and network policy for Kubernetes clusters. |

### Container Storage Interface Components

| **Component** | **Description** |
| --- | --- |
| AWS EBS CSI | AWS EBS CSI is a CSI plugin that provides storage for Kubernetes clusters. |
| vSphere CSI | vSphere CSI is a CSI plugin that provides storage for Kubernetes clusters. |
| Longhorn CSI | Longhorn CSI is a CSI plugin that provides storage for Kubernetes clusters. Longhorn is the only supported CSI for PXKE. |

<br />


##### AWS EBS CSI Components

| **Component** | **Description** |
| --- | --- |
| Driver| The driver is a CSI plugin that provides storage for Kubernetes clusters. |
| External Attacher | The external attacher is a CSI plugin that attaches volumes to nodes. |
| External Provisioner | The external provisioner is a CSI plugin that provisions volumes. |
| External Resizer | The external resizer is a CSI plugin that resizes volumes. |
| External Snapshotter | The external snapshotter is a CSI plugin that takes snapshots of volumes. |
| Liveness Probe | The liveness probe is a CSI plugin that checks the health of the driver. |
| Node Driver Registrar | The node driver registrar is a CSI plugin that registers the driver with the kubelet. |

<br />

##### Longhorn CSI Components

| **Component** | **Description** |
|---------------------------|--------------|
| Backing image manager | Manages backing images for Longhorn volumes. |
| Attacher | Handles attaching and detaching of volumes to nodes. |
| Provisioner | Manages provisioning and de-provisioning of storage resources. |
| Resizer | Enables resizing of storage volumes. |
| Snapshotter | Manages snapshots of Longhorn volumes. |
| Node driver registrar | Registers the CSI driver with the Kubernetes node. |
| Liveness probe | Monitors health of CSI components. |
| Longhorn engine | Core component that handles read and write operations to the storage backend. |
| Longhorn instance manager | Manages Longhorn engine and replica instances. |
| Longhorn share manager | Manages shared volumes and exposes them via protocols like Network File System (NFS). |
| Longhorn UI | User interface for managing Longhorn components and resources. |
| Longhorn support bundle kit| Collects logs and system information for debugging. |



<InfoBox>

The Longhorn Manager component is partially FIPS-compliant. This component uses utiltities that are not using a FIPS-compliant version of OpenSSL. The following utilities are not FIPS-compliant:

- openssl
- curl
- nfs-utils
- bind-tools


</InfoBox>


<br />
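Review bot: The InfoBox that closes this hunk says the Longhorn Manager component is only partially FIPS-compliant, but the Longhorn CSI Components table directly above it has no Longhorn Manager row (it lists the instance manager and share manager only), so a reader cannot tell which listed item the exception belongs to. Because the Container Storage Interface Components table states "Longhorn is the only supported CSI for PXKE", the exception applies to any PXK-E cluster that uses a supported CSI, and on a page titled as a list of FIPS-compliant components it should not sit only in a trailing InfoBox. Suggest adding a Longhorn Manager row to the table with its partial-compliance status, repeating the caveat beside the Longhorn CSI row, and saying what the four listed utilities (openssl, curl, nfs-utils, bind-tools) are used for so the reader can judge the exposure. Smaller points in the same hunk: "the each Kubernetes distribution" and "utiltities" are typos, the text alternates between "PXKE" and "PXK-E", and the Ingress Controller, Nginx Server and Nginx Ingress Controller rows describe overlapping things and could be merged or differentiated.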