Installation
+Installation
Downstream Clusters
Run the following Helm command to install Airgapped Docs chart, substituting your registry in:
helm install -n carbide-docs-system --create-namespace \
--set "global.cattle.systemDefaultRegistry=<registry-url>" \
airgapped-docs carbide-charts/airgapped-docs
Introduction
+Introduction
This page will walk through installation and usage of the Airgapped Docs component of Rancher Government Carbide.
IOC Expectations
As our product is still at Initial Operation Capability (IOC), there are some expectations to level-set:
diff --git a/docs/airgapped-docs/prereqs.html b/docs/airgapped-docs/prereqs.html index 831c876..fe258b7 100644 --- a/docs/airgapped-docs/prereqs.html +++ b/docs/airgapped-docs/prereqs.html @@ -2,13 +2,13 @@ - -Prerequisites
+Prerequisites
In order to utilize Airgapped Docs, you will need the following prerequisites:
- Rancher v2.7.0 or higher: https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions diff --git a/docs/airgapped-docs/uninstall.html b/docs/airgapped-docs/uninstall.html index 5903b4e..02eeff2 100644 --- a/docs/airgapped-docs/uninstall.html +++ b/docs/airgapped-docs/uninstall.html @@ -2,13 +2,13 @@ - -
Uninstall
+Uninstall
Downstream Clusters
On each downstream cluster, run the following command to uninstall Airgapped Docs:
helm uninstall -n carbide-docs-system airgapped-docs
Airgapped Docs
Airgapped-Capable Docs for the Entire Rancher Product Portfolio
📄️ Installation
Downstream Clusters
📄️ Introduction
This page will walk through installation and usage of the Airgapped Docs component of Rancher Government Carbide.
📄️ Prerequisites
In order to utilize Airgapped Docs, you will need the following prerequisites:
📄️ Uninstall
Downstream Clusters
Airgapped Docs
Airgapped-Capable Docs for the Entire Rancher Product Portfolio
📄️ Installation
Downstream Clusters
📄️ Introduction
This page will walk through installation and usage of the Airgapped Docs component of Rancher Government Carbide.
📄️ Prerequisites
In order to utilize Airgapped Docs, you will need the following prerequisites:
📄️ Uninstall
Downstream Clusters
Carbide Image Registry
Carbide Image Registry
📄️ Architecture
This page will walk through the architecture of the Carbide Secured Registry (CSR), including both of the pipelines related to the CSR, as well as typical usage of the images.
📄️ Carbide Helm Charts
Along with the our secured images provided through the CSR, we also provide helm charts to install various components of the carbide product suite. These include charts include the necessary components to run STIGATRON, an airgapped copy of all rancher product docs, as well as custom build of rancher with our white-labeling.
🗃️ configuration
2 items
📄️ Copying Images to a Registry
This page will walk you through copying our secured images into your own registry for later use.
📄️ Downloading the Images
This page will walk you through locally downloading our secured images from our hardened registry, as well as packaging them to move over an airgap into your registry.
📄️ Enforcement
This page will walk you through configuring a few example policy enforcement engines to validate your cluster images against our public key. This should ensure only the images from our hardened registry are allowed to run.
📄️ Introduction
This page will walk through IOC expectations of the hardened registry and what exactly the hardened registry provides.
📄️ Loading Images to a Registry
This page will walk you through seeding your registry with downloaded images from the CSR for all Rancher components.
📄️ Prerequisites
Below are all the things you need to get started with the Hardened Container Registry. As we improve and streamline the process, this list could evolve.
📄️ Release Cadence
This page will walk through how the pipelines are currently configured to execute, and future plans.
📄️ RKE2/K3s Uninstall
K3s
📄️ Rancher Manager Uninstall
This page will walk you through how to uninstall Carbide Registry Images from Rancher Manager both for its own components and downstream Rancher Kubernetes clusters (RKE2/K3s).
📄️ Validating Images
This will guide you through validating the signatures and attestations of each image in the secured registry, as well as how to download artifacts about the image (Software Bill of Materials, Vulnerability Scan, Cryptographic Signature, etc...).
Carbide Image Registry
Carbide Image Registry
📄️ Architecture
This page will walk through the architecture of the Carbide Secured Registry (CSR), including both of the pipelines related to the CSR, as well as typical usage of the images.
📄️ Carbide Helm Charts
Along with the our secured images provided through the CSR, we also provide helm charts to install various components of the carbide product suite. These include charts include the necessary components to run STIGATRON, an airgapped copy of all rancher product docs, as well as custom build of rancher with our white-labeling.
🗃️ configuration
2 items
📄️ Copying Images to a Registry
This page will walk you through copying our secured images into your own registry for later use.
📄️ Downloading the Images
This page will walk you through locally downloading our secured images from our hardened registry, as well as packaging them to move over an airgap into your registry.
📄️ Enforcement
This page will walk you through configuring a few example policy enforcement engines to validate your cluster images against our public key. This should ensure only the images from our hardened registry are allowed to run.
📄️ Introduction
This page will walk through IOC expectations of the hardened registry and what exactly the hardened registry provides.
📄️ Loading Images to a Registry
This page will walk you through seeding your registry with downloaded images from the CSR for all Rancher components.
📄️ Prerequisites
Below are all the things you need to get started with the Hardened Container Registry. As we improve and streamline the process, this list could evolve.
📄️ Release Cadence
This page will walk through how the pipelines are currently configured to execute, and future plans.
📄️ RKE2/K3s Uninstall
K3s
📄️ Rancher Manager Uninstall
This page will walk you through how to uninstall Carbide Registry Images from Rancher Manager both for its own components and downstream Rancher Kubernetes clusters (RKE2/K3s).
📄️ Validating Images
This will guide you through validating the signatures and attestations of each image in the secured registry, as well as how to download artifacts about the image (Software Bill of Materials, Vulnerability Scan, Cryptographic Signature, etc...).
STIGATRON Security Operator
Operator to enhance the experience when working with the DISA Fully Certified RKE2 STIG
📄️ Creating STIGATRON Scans
1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see STIGATRON on the left navigation menu. Click there.
📄️ Installation
Local Cluster
📄️ Introduction
This page will walk through Installation and Usage of the STIGATRON component of Rancher Government Carbide.
📄️ Prerequisites
In order to utilize STIGATRON, you will need the following prerequisites:
📄️ Uninstall
Local Cluster
📄️ Using MITRE Heimdall
1. To export scan results to common formats, select the Export button in the upper-left.
STIGATRON Security Operator
Operator to enhance the experience when working with the DISA Fully Certified RKE2 STIG
📄️ Creating STIGATRON Scans
1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see STIGATRON on the left navigation menu. Click there.
📄️ Installation
Local Cluster
📄️ Introduction
This page will walk through Installation and Usage of the STIGATRON component of Rancher Government Carbide.
📄️ Prerequisites
In order to utilize STIGATRON, you will need the following prerequisites:
📄️ Uninstall
Local Cluster
📄️ Using MITRE Heimdall
1. To export scan results to common formats, select the Export button in the upper-left.
Feedback
+Feedback
Feedback is critical to us to continue to improve our tools and help you with your mission.
For any issues, concerns, or questions, please open an issue: https://github.com/rancherfederal/carbide-docs/issues
Introduction
+Introduction
Carbide is Rancher Government's hardened distribution of the SUSE Rancher product portfolio. Carbide is exclusively offered to our US Government and partnering customers that value security above all else.
Rancher Carbide is tactically built with the following enhancements over the community version:
-
diff --git a/docs/known-limits.html b/docs/known-limits.html
index dd3dd6b..603bef0 100644
--- a/docs/known-limits.html
+++ b/docs/known-limits.html
@@ -2,13 +2,13 @@
-
-
Known Limitations & Caveats
+Known Limitations & Caveats
While we continue to improve Carbide from the feedback and requirements from our customers, we strive to remain agile in our development. With that, below are the known limitations and caveats with the Secured Registry. We intend to work diligently to address these as Carbide continues to evolve.
Rancher Managing Cloud-Hosted Kubernetes
-
diff --git a/docs/registry-docs/architecture.html b/docs/registry-docs/architecture.html
index 0753e51..58a4793 100644
--- a/docs/registry-docs/architecture.html
+++ b/docs/registry-docs/architecture.html
@@ -2,13 +2,13 @@
-
-
Architecture
+Architecture
This page will walk through the architecture of the Carbide Secured Registry (CSR), including both of the pipelines related to the CSR, as well as typical usage of the images.
Pipeline Architecture
