Deckhouse Stronghold administrator guide

This section is intended for administrators of Deckhouse Stronghold.

The platform’s Administrator Guide includes the following sections:

• Running on Linux OS
  • Running on Linux OS – a quick start with an example of configuring a high-availability cluster.
  • Configuration – a guide to the Standalone execution configuration parameters.
• Running on Deckhouse Kubernetes Platform
  • Platform Installation - environment preparation, installation, and initial access setup.
  • Platform Configuration – cluster node management, networking, storage systems, virtualization, and access control.
  • Platform Update – configuring update modes and windows, and manual approval of updates.
  • Platform Removal – the process of removing the platform.
• Audit
  • Introduction - what Stronghold audit logs contain, which backends are supported, and how to configure auditing safely.
  • Audit log record schema - audit record structure, key objects, and protection of sensitive data.
  • Audit log filtering - select audit records by condition and configure a fallback device.
  • Audit field exclusion - remove selected fields from audit records before they are stored.
• Backups
  • Introduction - overview of manual and automated backups for Stronghold integrated storage.
  • Save a storage snapshot - create a snapshot manually through CLI or API.
  • Inspect a snapshot - locally inspect snapshot contents and basic consistency before restore.
  • Restore from a snapshot - restore a Stronghold cluster from a saved snapshot.
  • Automated snapshots - configure schedules, storage targets, and status checks for automated backups.
• KV replication
  • Introduction - pull-based KV1/KV2 replication between Stronghold clusters. English documentation is in development.
• Namespaces
  • Introduction - isolate configuration and secrets between namespaces, manage them through CLI and API, and use Namespace API Lock.
• Cryptographic algorithms
  • Introduction - overview of TLS, storage encryption, HSM, and the algorithms available in PKI and Transit.
• Plugins
  • Introduction - overview of built-in and external Stronghold plugins and the differences between Standalone and DKP.
  • Plugins in Standalone - plugin directory, registration, versioning, and mounting of external plugins on Linux servers.
  • Plugins in DKP - plugin delivery through ModuleConfig, registration, and enablement in Deckhouse Kubernetes Platform.
• KMS and HSM
  • HSM support - PKCS11-based HSM integration for auto-unseal and root key protection; currently supported only for Standalone installations.
  • Yandex Cloud KMS - configure seal "yandexcloudkms" for auto-unseal and root key protection; currently supported only for Standalone installations.
  • Double encryption - the seal wrap mechanism that adds an extra encryption layer for critical data.

If you have any questions, you can ask for assistance in our Telegram channel. We will be happy to help and provide guidance.

If you are using the Enterprise edition, you can also email us at support@deckhouse.io for additional support.