ISO 27001 #2031

Merged
merged 13 commits into from
Jan 17, 2024
2 changes: 1 addition & 1 deletion docs/docs-content/architecture/grps-proxy.md
Expand Up @@ -35,7 +35,7 @@ The following sections provide more information about gRPC and proxies.

## Proxy Without SSL Bump

Because gRPC is based on HTTP/2, any proxy server that supports the [HTTP CONNECT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) method can be used to forward gRPC traffic. No configuration is required for this scenario. The exception is when the proxy server performs an SSL bump, discussed in the [Proxy With SSL Bump](/architecture/grps-proxy#proxywithsslbump) section.
Because gRPC is based on HTTP/2, any proxy server that supports the [HTTP CONNECT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) method can be used to forward gRPC traffic. No configuration is required for this scenario. The exception is when the proxy server performs an SSL bump, discussed in the [Proxy With SSL Bump](#proxy-with-ssl-bump) section.


:::info
Expand Up @@ -11,7 +11,7 @@ Palette [Virtual Clusters](../palette-virtual-clusters/palette-virtual-clusters.

## Prerequisites

* A project or tenant backup location. Refer to the [cluster backup and restore](../cluster-management/backup-restore/backup-restore.md#clusterbackupandrestore) document to learn how to configure a backup location.
* A project or tenant backup location. Refer to the [cluster backup and restore](../cluster-management/backup-restore/backup-restore.md#get-started) document to learn how to configure a backup location.

* Cluster group modification [permissions](../../user-management/palette-rbac/palette-rbac.md).

Expand Up @@ -8,7 +8,7 @@ tags: ["clusters", "cluster management", "backup"]
---


This guide provides instructions for how to add a backup location in Palette using dynamic access credentials. You use the dynamic access credentials to authenticate Palette with the backup location service provider. Refer to the [Backup Location](backup-restore.md#backuplocation) section to learn more about the supported service providers.
This guide provides instructions for how to add a backup location in Palette using dynamic access credentials. You use the dynamic access credentials to authenticate Palette with the backup location service provider. Refer to the [Backup Location](./backup-restore.md#backup-locations-and-credentials) section to learn more about the supported service providers.


Depending on the infrastructure provider, there may be limitations or different prerequisites.
Expand Up @@ -23,7 +23,7 @@ To get started with creating a backup, check out the [Add a Backup Location usin

:::info

If you are using a workspace, refer to the [Manage Palette Workspace](/workspace/workload-features#managepaletteworkspace) guide to learn more about backup and restore actions for a workspace.
If you are using a workspace, refer to the [Manage Palette Workspace](../../../workspace/workload-features.md) guide to learn more about backup and restore actions for a workspace.

:::

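Review bot: The replacement link to `../../../workspace/workload-features.md` drops the section anchor that the old `#managepaletteworkspace` target carried, while the other links in this PR convert their anchors to kebab-case. If the Manage Palette Workspace heading still exists on that page, point at its anchor so the reader lands on the backup and restore actions rather than at the top of the page.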
Expand Up @@ -15,20 +15,20 @@ To get started with an attribute access control through tags, check out the [Cre

- [Cluster Resource Filter](create-add-filter.md)

- [Create Resource Filter](create-add-filter.md#createresourcefilter)
- [Create Resource Filter](create-add-filter.md#create-resource-filter)

- [Add Resource Role](create-add-filter.md#addresourcerole)
- [Add Resource Role](create-add-filter.md#add-resource-role)


- [Palette Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md)

- [Palette Global Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#paletteglobalresourceroles)
- [Palette Global Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palette-global-resource-roles)

- [Palette Custom Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palettecustomresourceroles)
- [Palette Custom Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palette-custom-resource-roles)

- [Create Custom Role](../../../user-management/new-user.md#createcustomrole)
- [Create Custom Role](../../../user-management/new-user.md#create-custom-role)

- [Create New User in Palette](../../../user-management/new-user.md#createanewuser)
- [Create New User in Palette](../../../user-management/new-user.md#create-a-new-user)



Expand Up @@ -47,17 +47,17 @@ Upon creating a filter, a display message will pop up to confirm the successful

## Add Resource Role

You can assign the resource filter created, in combination with roles, to a [user](../../../user-management/new-user.md#createanewuser) to enforce access restriction. Palette provisions two types of roles:
You can assign the resource filter created, in combination with roles, to a [user](../../../user-management/new-user.md#create-a-new-user) to enforce access restriction. Palette provisions two types of roles:

* [Palette Global Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#paletteglobalresourceroles), the set of roles that are available in Palette console
* [Palette Global Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palette-global-resource-roles), the set of roles that are available in Palette by default.

* [Custom Resource Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palettecustomresourceroles), can be generated according to your requirements from the available set of permissions and operations.
* [Custom Resource Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palette-custom-resource-roles), can be generated according to your requirements from the available set of permissions and operations.

### Prerequisites

* A [Palette account](https://console.spectrocloud.com) with Tenant scope privileges.

* A [user created](../../../user-management/new-user.md#createanewuser) to assign the resource privileges.
* A [user created](../../../user-management/new-user.md#create-a-new-user) to assign the resource privileges.

To assign the resource roles and filter to the user follow the below steps:
<br />
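Review bot: The two role links edited in this hunk get corrected anchors but keep the doubled slash in `../../..//user-management/palette-rbac/...`. Since these lines are being touched anyway, normalise them to `../../../user-management/...`, and do the same for the Create a New User link in the Resource section of the next hunk. Separately, the Custom Resource Roles bullet still reads "Custom Resource Roles, can be generated"; dropping the comma would make it parallel the reworded Global Roles bullet.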
Expand Down Expand Up @@ -104,5 +104,5 @@ Upon creating a filter, a display message will pop up to confirm the successful

## Resource

* [Create a New User](../../..//user-management/new-user.md#createanewuser)
* [Create a New User](../../..//user-management/new-user.md#create-a-new-user)

Expand Up @@ -177,7 +177,7 @@ Example: `https://metrics.example.com:9090/api/v1/write`
- url: "https://metrics.example.com:9090/api/v1/write"
```

8. Add the `basic_auth` parameters shown below. Replace `<USERNAME>` and `<PASSWORD>` with the actual credential values. Use the username you created to authenticate with the Prometheus API server. If you followed the [Deploy a Monitoring Stack](deploy-monitor-stack.md#deployamonitoringstack) with authentication guide, then the username is `agent`.
8. Add the `basic_auth` parameters shown below. Replace `<USERNAME>` and `<PASSWORD>` with the actual credential values. Use the username you created to authenticate with the Prometheus API server. If you followed the [Deploy a Monitoring Stack](deploy-monitor-stack.md#deploy-a-monitoring-stack) with authentication guide, then the username is `agent`.

<br />

Expand Up @@ -32,7 +32,7 @@ If you are using Palette Virtual Machine (VM) Management, you can find steps on

:::warning

If you are using [OIDC](/clusters/cluster-management/cluster-rbac#userbacwithoidc) with your host cluster, you will need the kubelogin plugin. Refer to the kubelogin GitHub repository [README](https://github.com/int128/kubelogin#setup) for installation guidance.
If you are using [OIDC](./cluster-rbac.md) with your host cluster, you will need the kubelogin plugin. Refer to the kubelogin GitHub repository [README](https://github.com/int128/kubelogin#setup) for installation guidance.
karl-cardenas-coding marked this conversation as resolved.

:::

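Review bot: In the OIDC warning, the new target `./cluster-rbac.md` no longer points at the OIDC section that `#userbacwithoidc` referenced, so the link labelled OIDC opens the general cluster RBAC page. Link to the heading's current anchor if that section still exists, or reword the link text to match the page it now opens.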
Expand Up @@ -438,7 +438,7 @@ The next step is to use the following `docker run` command to trigger Packer bui
- The `cd /edge/vmware/packer/ && packer build -force --var-file=vsphere.hcl build.pkr.hcl` shell sub-command changes to the container's **/edge/vmware/packer/** directory and invokes `packer build` to create the VM template. The `packer build` command has the following options:

- The `-force` flag destroys any existing template.
- The `--var-file` option reads the **vsphere.hcl** file from the container. This file contains the VM template name, VM configuration, and ISO file name to use. The VM configuration conforms to the [minimum device requirements](../architecture/#minimum-device-requirements).
- The `--var-file` option reads the **vsphere.hcl** file from the container. This file contains the VM template name, VM configuration, and ISO file name to use. The VM configuration conforms to the [minimum device requirements](../architecture.md#minimum-device-requirements).

The **vsphere.hcl** file content is shown below for your reference. This tutorial does not require you to modify these configurations.

2 changes: 1 addition & 1 deletion docs/docs-content/clusters/public-cloud/aws/aws.md
Expand Up @@ -7,7 +7,7 @@ hide_table_of_contents: false
---


Palette supports integration with [Amazon Web Services](https://aws.amazon.com). You can deploy and manage [Host Clusters](../../../glossary-all.md#hostcluster) in AWS. To get started check out the [Register and Manage AWS Accounts](add-aws-accounts.md).
Palette supports integration with [Amazon Web Services](https://aws.amazon.com). You can deploy and manage [Host Clusters](../../../glossary-all.md#host-cluster) in AWS. To get started check out the [Register and Manage AWS Accounts](add-aws-accounts.md).



7 changes: 5 additions & 2 deletions docs/docs-content/clusters/public-cloud/azure/azure.md
Expand Up @@ -8,7 +8,7 @@ tags:
- azure
---

Palette supports integration with [Microsoft Azure](https://azure.microsoft.com/en-us). You can deploy and manage [Host Clusters](../../../glossary-all.md#hostcluster) in Azure or Azure Government. To get started check out the [Register and Manage Azure Cloud Account](azure-cloud.md#manage-azure-accounts).
Palette supports integration with [Microsoft Azure](https://azure.microsoft.com/en-us). You can deploy and manage [Host Clusters](../../../glossary-all.md#host-cluster) in Azure or Azure Government. To get started check out the [Register and Manage Azure Cloud Account](azure-cloud.md).



Expand All @@ -23,7 +23,10 @@ To learn more about Palette and Azure cluster creation and its capabilities chec
- [Register and Manage Azure Cloud Account](azure-cloud.md)


- [Create and Manage Azure Cluster](create-azure-cluster.md#deploy-an-azure-cluster-with-palette)
- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md)


- [Create and Manage Azure AKS Cluster](aks.md)


- [Deleting an Azure Cluster](../../cluster-management/remove-clusters.md)
Expand Up @@ -86,7 +86,7 @@ Use the following steps to deploy an Azure cluster.

:::warning

If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette will not import the network information from your Azure account. You can manually input the information for the **Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To learn more about these settings and certain requirements to use them, refer to [Disable Properties](azure-cloud.md#disable-properties).
If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette will not import the network information from your Azure account. You can manually input the information for the **Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To learn more about these settings and certain requirements to use them, refer to [Disable Properties](azure-cloud.md#disable-palette-network-calls-to-azure-account).

:::

Expand Up @@ -1243,7 +1243,7 @@ In this tutorial, you created a cluster profile, which is a template that contai

Palette assures consistency across cluster deployments through cluster profiles. Palette also enables you to quickly deploy applications to a Kubernetes environment with little or no prior Kubernetes knowledge. In a matter of minutes, you were able to provision a new Kubernetes cluster and deploy an application.

We encourage you to check out the [Deploy an Application using Palette Dev Engine](/devx/apps/deploy-app) tutorial to learn more about Palette. Palette Dev Engine can help you deploy applications more quickly through the usage of [virtual clusters](/glossary-all#palettevirtualcluster). Feel free to check out the reference links below to learn more about Palette.
We encourage you to check out the [Deploy an Application using Palette Dev Engine](/devx/apps/deploy-app) tutorial to learn more about Palette. Palette Dev Engine can help you deploy applications more quickly through the usage of [virtual clusters](../../glossary-all.md#palette-virtual-cluster). Feel free to check out the reference links below to learn more about Palette.

<br />

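Review bot: The virtual clusters link is now a relative `.md` path, but the Deploy an Application using Palette Dev Engine link in the same sentence is still the absolute `/devx/apps/deploy-app`. If this PR is standardising on file-relative links, convert that one too so both links in the sentence are resolved the same way.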
44 changes: 0 additions & 44 deletions docs/docs-content/compliance.md

This file was deleted.
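Review bot: `docs/docs-content/compliance.md` is deleted here, and the only reference this diff shows being repointed is the FIPS link in `integrations/kubernetes-edge.md`, which now targets `../legal-licenses/compliance.md#fips-140-2`. Confirm that no other page still links to the old path, and consider a redirect from the old URL so existing external links to the compliance page keep working.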

2 changes: 1 addition & 1 deletion docs/docs-content/devx/devx.md
Expand Up @@ -61,7 +61,7 @@ The PDE dashboard provides a snapshot of resource utilization in your PDE enviro

## Automation Support

You can manage PDE resources through the [Palette API](/api/introduction), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and the Palette CLI. Download the Palette CLI from the [Downloads](/spectro-downloads#palettecli) page to start programmatically using PDE.
You can manage PDE resources through the [Palette API](/api/introduction), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and the Palette CLI. Download the Palette CLI from the [Downloads](../spectro-downloads.md#palette-cli) page to start programmatically using PDE.

![A view of the Palette CLI menu from a terminal](/devx_devx_cli-display.png)

Expand Up @@ -140,7 +140,7 @@ You can validate the Vault instance deployed successfully by using the following

10. Open your browser and visit [https://localhost:8200/ui](https://localhost:8200/ui) to access the Vault UI. You will receive a warning due to the usage of a self-signed certificate but you can ignore this warning.

To acquire the Vault root token, review the [Vault Credentials](vault.md#vault-credentials) section.
To acquire the Vault root token, review the [Vault Credentials](#vault-credentials) section.


# Output Variables
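Review bot: Step 10, directly above the changed link, tells readers they can ignore the browser's certificate warning. Consider limiting that wording to this local `https://localhost:8200/ui` session with its self-signed certificate so it does not read as general guidance for Vault endpoints, particularly as the next line sends the reader to the root token.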
Expand Up @@ -76,7 +76,7 @@ Carefully review the [prerequisites](#prerequisites) section before proceeding.
- Palette CLI installed and available. Refer to the Palette CLI [Install](../../../palette-cli/install-palette-cli.md#download-and-setup) page for guidance.


- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information.
- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/vmware-system-requirements.md) for information.


<br />
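Review bot: The Zone Tagging link now targets `../install-on-vmware/vmware-system-requirements.md` with no anchor, which is the same page the permissions link in this bullet already opens. If that page has a zone tagging heading, add its anchor so the two links lead to different places. The identical change in the next hunk needs the same treatment.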
Expand Up @@ -65,7 +65,7 @@ If you are installing Palette in an airgap environment, ensure you complete all
- x509 SSL certificate authority file in base64 format. This file is optional.


- Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information.
- Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/vmware-system-requirements.md) for information.


- Assigned IP addresses for application workload services, such as Load Balancer services.
2 changes: 1 addition & 1 deletion docs/docs-content/integrations/kubernetes-edge.md
Expand Up @@ -41,7 +41,7 @@ We also offer Palette eXtended Kubernetes (PXK) for cloud and data center deploy

### PXK and Palette VerteX

The PXK-E used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../compliance.md#fips-140-2). PXK-E is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. Refer to the [Build Edge Artifacts](../clusters/edge/edgeforge-workflow/build-artifacts.md) guide to learn more on how to build the PXK-E image with FIPS mode enabled.
The PXK-E used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../legal-licenses/compliance.md#fips-140-2). PXK-E is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. Refer to the [Build Edge Artifacts](../clusters/edge/edgeforge-workflow/build-artifacts.md) guide to learn more on how to build the PXK-E image with FIPS mode enabled.
karl-cardenas-coding marked this conversation as resolved.

The combined usage of PXK-E and Palette VerteX provides a secure and FIPS-compliant experience as the Kubernetes distribution, OS, and management platform VerteX is FIPS-compliant.
