Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial security hardening doc #65

Merged
merged 7 commits into from
Oct 16, 2024

Conversation

ale8k
Copy link
Contributor

@ale8k ale8k commented Oct 16, 2024

No description provided.

how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
JAAS uses the Canonical Identity Platform for authentication. The communication between JAAS
and the identity platform can be secured via TLS.

You will require the identity Platform and the self-signed-certificates charm deployed.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm ideally they should have proper cert, perhaps using the httprequest-lego-k8s charm.. you may suggest using the self-signed-certificates charm for local deploy, but definitely not for production

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is in-cluster tohugh isnt it??

how-to/security_hardening.rst Outdated Show resolved Hide resolved
and the identity platform can be secured via TLS.

You will require the identity Platform and the self-signed-certificates charm deployed.
See `here <https://charmhub.io/topics/canonical-identity-platform/tutorials/e2e-tutorial>`__ for deploying the identity platform.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this guide seems to suggest the self signed certs.. maybe that's enough and we just add the bits that are needed to relate jimm to self-signed-certs

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

responded on other comment

.custom_wordlist.txt Outdated Show resolved Hide resolved
.custom_wordlist.txt Outdated Show resolved Hide resolved
how-to/index.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/security_hardening.rst Show resolved Hide resolved
SimoneDutto
SimoneDutto previously approved these changes Oct 16, 2024
Copy link
Contributor

@SimoneDutto SimoneDutto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good job, writing doc is hard

Copy link
Member

@babakks babakks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With just a few changes.

how-to/security_hardening.rst Outdated Show resolved Hide resolved
how-to/setup_ingress_with_tls.rst Outdated Show resolved Hide resolved
babakks
babakks previously approved these changes Oct 16, 2024
how-to/security_hardening.rst Outdated Show resolved Hide resolved
Copy link
Member

@babakks babakks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work. ❤️

@ale8k ale8k merged commit 36e6205 into canonical:v3 Oct 16, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants