TELCODOCS-2171#Remove refs to telco in Day2Ops Security files and file names

Author: amolnar-rh

edge_computing/day_2_core_cnf_clusters/security/security-basics.adoc

@@ -0,0 +1,52 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="security-basics"]
+= Security basics
+include::_attributes/common-attributes.adoc[]
+:context: security-basics
+
+toc::[]
+
+Security is a critical component of {product-title} deployments , particularly when running cloud-native applications. 
+
+You can enhance security for high-bandwidth network deployments by following key security considerations. By implementing these standards and best practices, you can strengthen security in most use cases.
+
+include::modules/security-rbac-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#authorization-overview_using-rbac[Using RBAC to define and apply permissions]
+
+include::modules/security-sec-accounts-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/understanding-and-creating-service-accounts.html[Understanding and creating service accounts]
+
+include::modules/security-identity-prov-config.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/understanding-identity-provider.html[Understanding identity provider configuration]
+
+include::modules/security-replacing-kubeadmin-user.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/identity_providers/configuring-htpasswd-identity-provider.html#identity-provider-htpasswd-about_configuring-htpasswd-identity-provider[About htpasswd authentication]
+
+include::modules/security-sec-considerations-telco.adoc[leveloffset=+1]
+
+include::modules/security-pod-sec-in-kub-and-ocp.adoc[leveloffset=+1]
+
+include::modules/security-infra.adoc[leveloffset=+1]
+
+include::modules/security-lifecycle-mgmnt.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/edge_computing/day_2_core_cnf_clusters/updating/update-welcome.html[Upgrading a telco core CNF clusters]

edge_computing/day_2_core_cnf_clusters/security/security-host-sec.adoc

@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="security-host-sec"]
+= Host security
+include::_attributes/common-attributes.adoc[]
+:context: security-host-sec
+
+toc::[]
+
+include::modules/security-rhcos-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/architecture/architecture-rhcos.html#rhcos-about_architecture-rhcos[About RHCOS]
+
+* link:https://docs.openshift.com/container-platform/4.17/architecture/architecture-rhcos.html[Red Hat Enterprise Linux CoreOS (RHCOS)].
+
+* link:https://docs.openshift.com/container-platform/4.17/edge_computing/day_2_core_cnf_clusters/security/security-host-sec.html#security-linux-capabilities-overview_security-host-sec[Linux capabilities].
+
+include::modules/security-command-line-host-access.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/support/troubleshooting/investigating-pod-issues.html#starting-debug-pods-with-root-access_investigating-pod-issues[Starting debug pods with root access].
+
+include::modules/security-linux-capabilities-overview.adoc[leveloffset=+1]

edge_computing/day_2_core_cnf_clusters/security/telco-security-sec-context-constraints.adoc renamed to edge_computing/day_2_core_cnf_clusters/security/security-sec-context-constraints.adoc

@@ -1,8 +1,8 @@
 :_mod-docs-content-type: ASSEMBLY
-[id="telco-security-sec-context-constraints"]
+[id="security-sec-context-constraints"]
 = Security context constraints
 include::_attributes/common-attributes.adoc[]
-:context: telco-security-sec-context-constraints
+:context: security-sec-context-constraints
 :imagesdir: images
 
 toc::[]
@@ -26,13 +26,13 @@ Security context constraints allow an administrator to control the following sec
 
 Default SCCs are created during installation and when you install some Operators or other components. As a cluster administrator, you can also create your own SCCs by using the OpenShift CLI (`oc`).
 
-For information about default security context constraints, see xref:../../../authentication/managing-security-context-constraints.adoc#default-sccs_configuring-internal-oauth[Default security context constraints].
+For information about default security context constraints, see link:https://docs.openshift.com/container-platform/4.17/authentication/managing-security-context-constraints.html#default-sccs_configuring-internal-oauth[Default security context constraints].
 
 [IMPORTANT]
 ====
 Do not modify the default SCCs. Customizing the default SCCs can lead to issues when some of the platform pods deploy or {product-title} is upgraded. Additionally, the default SCC values are reset to the defaults during some cluster upgrades, which discards all customizations to those SCCs.
 
-Instead of modifying the default SCCs, create and modify your own SCCs as needed. For detailed steps, see xref:../../../authentication/managing-security-context-constraints.adoc#security-context-constraints-creating_configuring-internal-oauth[Creating security context constraints].
+Instead of modifying the default SCCs, create and modify your own SCCs as needed. For detailed steps, see link:https://docs.openshift.com/container-platform/4.17/authentication/managing-security-context-constraints.html#security-context-constraints-creating_configuring-internal-oauth[Creating security context constraints].
 ====
 
 You can use the following basic SCCs:
@@ -43,10 +43,13 @@ You can use the following basic SCCs:
 The `restricted-v2` SCC is the most restrictive SCC provided by a new installation and is used by default for authenticated users. It aligns with Pod Security Admission (PSA) restrictions and improves security, as the original `restricted` SCC is less restrictive. It also helps transition from the original SCCs to v2 across multiple releases. Eventually, the original SCCs get deprecated. Therefore, it is recommended to use the `restricted-v2` SCC.
 
 You can examine the `restricted-v2` SCC by running the following command:
++
 [source,terminal]
 ----
 $ oc describe scc restricted-v2
 ----
+
++
 .Example output
 [source,terminal]
 ----
@@ -93,4 +96,4 @@ The `restricted-v2` SCC explicitly denies everything except what it explicitly a
 * Allowed capabilities: `NET_BIND_SERVICE`. A pod can request this capability, but it is not added by default.
 * Allowed `seccomp` profiles: `runtime/default`. 
 
-For more information, see xref:../../../authentication/managing-security-context-constraints.adoc[Managing security context constraints].
+For more information, see link:https://docs.openshift.com/container-platform/4.17/authentication/managing-security-context-constraints.html[Managing security context constraints].

edge_computing/day_2_core_cnf_clusters/security/telco-security-basics.adoc

@@ -0,0 +1,52 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="security-basics"]
+= Security basics
+include::_attributes/common-attributes.adoc[]
+:context: security-basics
+
+toc::[]
+
+Security is a critical component of {product-title} deployments , particularly when running cloud-native applications. 
+
+You can enhance security for high-bandwidth network deployments by following key security considerations. By implementing these standards and best practices, you can strengthen security in most use cases.
+
+include::modules/security-rbac-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/using-rbac.html#authorization-overview_using-rbac[Using RBAC to define and apply permissions]
+
+include::modules/security-sec-accounts-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/understanding-and-creating-service-accounts.html[Understanding and creating service accounts]
+
+include::modules/security-identity-prov-config.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/understanding-identity-provider.html[Understanding identity provider configuration]
+
+include::modules/security-replacing-kubeadmin-user.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/authentication/identity_providers/configuring-htpasswd-identity-provider.html#identity-provider-htpasswd-about_configuring-htpasswd-identity-provider[About htpasswd authentication]
+
+include::modules/security-sec-considerations-telco.adoc[leveloffset=+1]
+
+include::modules/security-pod-sec-in-kub-and-ocp.adoc[leveloffset=+1]
+
+include::modules/security-infra.adoc[leveloffset=+1]
+
+include::modules/security-lifecycle-mgmnt.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/edge_computing/day_2_core_cnf_clusters/updating/update-welcome.html[Upgrading a telco core CNF clusters]

edge_computing/day_2_core_cnf_clusters/security/telco-security-host-sec.adoc

@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * edge_computing/day_2_core_cnf_clusters/security/telco-security-host-sec.adoc
+// * edge_computing/day_2_core_cnf_clusters/security/security-host-sec.adoc
 
 :_mod-docs-content-type: CONCEPT
-[id="telco-security-command-line-host-access_{context}"]
+[id="security-command-line-host-access_{context}"]
 = Command-line host access
 
 Direct access to a host must be restricted to avoid modifying the host or accessing pods that should not be accessed. For users who need direct access to a host, it is recommended to use an external authenticator, like SSSD with LDAP, to manage access. This helps maintain consistency across the cluster through the Machine Config Operator.

modules/security-basics.adoc

@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="security-host-sec"]
+= Host security
+include::_attributes/common-attributes.adoc[]
+:context: security-host-sec
+
+toc::[]
+
+include::modules/security-rhcos-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/architecture/architecture-rhcos.html#rhcos-about_architecture-rhcos[About RHCOS]
+
+* link:https://docs.openshift.com/container-platform/4.17/architecture/architecture-rhcos.html[Red Hat Enterprise Linux CoreOS (RHCOS)].
+
+* link:https://docs.openshift.com/container-platform/4.17/edge_computing/day_2_core_cnf_clusters/security/security-host-sec.html#security-linux-capabilities-overview_security-host-sec[Linux capabilities].
+
+include::modules/security-command-line-host-access.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/4.17/support/troubleshooting/investigating-pod-issues.html#starting-debug-pods-with-root-access_investigating-pod-issues[Starting debug pods with root access].
+
+include::modules/security-linux-capabilities-overview.adoc[leveloffset=+1]

modules/telco-security-command-line-host-access.adoc renamed to modules/security-command-line-host-access.adoc

@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * edge_computing/day_2_core_cnf_clusters/security/telco-security-basics.adoc
+// * edge_computing/day_2_core_cnf_clusters/security/security-basics.adoc
 
 :_mod-docs-content-type: CONCEPT
-[id="telco-security-identity-prov-config_{context}"]
+[id="security-identity-prov-config_{context}"]
 = Identity provider configuration
 
 Configuring an identity provider is the first step in setting up users on the cluster. You can manage groups at the organizational level by using an identity provider. 

modules/security-host-sec.adoc

@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * edge_computing/day_2_core_cnf_clusters/security/security-basics.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="security-infra_{context}"]
+= Bare metal-based infrastructure
+
+Hardware requirements:: In several industries, such as telco and finance, clusters are primarily built on bare-metal hardware. This means that the (op-system-first) operating system is installed directly on the physical machines, without using virtual machines. This reduces network connectivity complexity, minimizes latency, and optimizes CPU usage for applications.
+
+Network requirements:: Networks in these industries sometimes require much higher bandwidth compared to standard IT networks. For example, Telco networks commonly use dual-port 25 GB connections or 100 GB network interface cards (NICs) to handle massive data throughput. Security is critical, requiring encrypted connections and secure endpoints to protect sensitive personal data.