I have a customer that enforces STIG Red Hat Enterprise Linux 8 Security Technical Implementation Guide in their AirGapped environment and I am wondering if there would be any issues installing with replicated in their environment.
Hi @molowu - I have asked around and We haven’t attempted to certify for this, and don’t have a guide for doing so – this will likely be something your team will have to lead the charge on. If you hit specific issues / needs we can address them as we come up.
The easiest path here will probably be to use a customer-provided cluster so that they can own the host packages and OS configuration to and enforce STIG compliance there. However, I will provide some kURL materials below.
A few links worth checking out that may be of interest here are some of the flags that let your team or the end customer team modify/control the SELinux and IPTables changes performed by kURL when installing Kubernetes.
- kURL with CIS Security Benchmarks applied: https://kurl.sh/docs/install-with-kurl/cis-compliance
- SELinux w/ kURL: https://kurl.sh/docs/add-ons/selinux
-
iptablesw/ kURL: https://kurl.sh/docs/add-ons/iptables - Customer ability to patch the cluster at install-time: https://kurl.sh/docs/install-with-kurl/#modifying-an-install-using-a-yaml-patch-file-at-runtime