Bug 1377411

Summary: [DOCS] OpenShift docs lack Security Best Practices section
Product: OpenShift Container Platform Reporter: Joel Smith <joelsmith>
Component: DocumentationAssignee: Alex Dellapenta <adellape>
Status: CLOSED CURRENTRELEASE QA Contact: Vikram Goyal <vigoyal>
Severity: medium Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.3.0CC: aheslin, aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: 3.5.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-06 10:57:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Joel Smith 2016-09-19 15:33:24 UTC 
Description of problem:

From Insomnia security:

> The OpenShift documentation is extensive and well written,
> however the key security controls are not clearly enumerated
> in one location in the documentation. For example, Insomnia
> was approximately a week into familiarisation with the
> platform before understanding that the Custom Build Strategy
> was inherently dangerous (it is explained in the Securing Builds
> by Strategy section, but this is relatively buried in the Cluster
> Administration). The consequences of setting some of the controls
> (e.g. in the Managing Security Control Constraints section) are
> not clearly illustrated; it is not clear that some of these can
> result in complete failure of containment on the entire platform.

> It may be feasible to create a specific “Security Best Practices”
> section of the document which explains the key security controls,
> their effect on the posture of the platform, and with
> recommendations for these controls.

I agree that the lack of a section that details all of the critical controls in one location is a problem. Could we please remedy this? Perhaps we could query team leads to see if they have any candidate controls to add to the section in addition to the one mentioned above.


Document URL: 

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:
Comment 6 Vikram Goyal 2017-08-06 10:57:17 UTC 
This was published recently:

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html-single/container_security_guide/