
OpenShift Hardening

Professional OpenShift Container Platform security configuration generator that creates hardened deployment manifests and security policies.
Source: krishnakumarmahadevan-cmd

Overview

The Red Hat OpenShift Security Hardening Tool is a professional-grade API designed to generate security-hardened configuration files for OpenShift Container Platform deployments. Built for DevSecOps teams and platform engineers, this tool automates the creation of security baselines that align with industry best practices and compliance frameworks.

The tool enables organizations to rapidly deploy secure OpenShift clusters by generating pre-configured security policies, network policies, RBAC configurations, and pod security standards. Rather than manually crafting security controls, users specify their hardening requirements and receive production-ready configuration files that enforce security controls across their containerized infrastructure.

Ideal users include DevSecOps engineers, Kubernetes platform administrators, security architects, and organizations undergoing compliance audits (SOC 2, PCI-DSS, HIPAA) who need to demonstrate and maintain security posture across OpenShift deployments.

Usage

Sample Request

{
  "sessionId": "sess_8f3c4a2b9e1d7f5k",
  "userId": 12345,
  "timestamp": "2024-01-15T10:30:00Z",
  "hardeningOptions": {
    "networkPolicy": ["deny-all-ingress", "allow-dns", "allow-api-server"],
    "rbac": ["least-privilege", "service-account-restriction"],
    "podSecurity": ["restricted", "audit-logging"],
    "imageSecurity": ["image-scanning", "registry-whitelist"],
    "encryption": ["etcd-encryption", "tls-everywhere"]
  }
}

Sample Response

{
  "status": "success",
  "sessionId": "sess_8f3c4a2b9e1d7f5k",
  "timestamp": "2024-01-15T10:30:05Z",
  "hardeningConfig": {
    "networkPolicies": [
      {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {
          "name": "default-deny-ingress",
          "namespace": "default"
        },
        "spec": {
          "podSelector": {},
          "policyTypes": ["Ingress"]
        }
      }
    ],
    "rbacConfigurations": [
      {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "ClusterRole",
        "metadata": {
          "name": "pod-reader"
        },
        "rules": [
          {
            "apiGroups": [""],
            "resources": ["pods"],
            "verbs": ["get", "list"]
          }
        ]
      }
    ],
    "podSecurityStandards": {
      "enforce": "restricted",
      "audit": "restricted",
      "warn": "restricted"
    },
    "securityPolicies": {
      "imagePullPolicy": "Always",
      "allowPrivilegedEscalation": false,
      "runAsNonRoot": true,
      "readOnlyRootFilesystem": true
    }
  },
  "configFiles": {
    "count": 12,
    "formats": ["yaml", "json"],
    "downloadUrl": "https://api.mkkpro.com/hardening/openshift/download/sess_8f3c4a2b9e1d7f5k"
  },
  "complianceMapping": {
    "frameworks": ["CIS Kubernetes Benchmark", "NIST Cybersecurity Framework", "PCI-DSS"],
    "coveragePercentage": 94
  }
}
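
An added example, not part of the tool or its documentation: a local check that a returned hardeningConfig delivers what the request asked for before any manifest is applied. The function names, the `payments` namespace and the inline data are constructed for illustration, modelled on the sample request and response above.

```python
def is_default_deny_ingress(policy):
    """True if the policy selects every pod and allows no ingress."""
    spec = policy.get("spec", {})
    return (policy.get("kind") == "NetworkPolicy"
            and spec.get("podSelector") == {}
            and "Ingress" in spec.get("policyTypes", [])
            and not spec.get("ingress"))  # any ingress rule re-opens traffic

def audit_hardening_config(cfg, requested, namespaces):
    """Return findings where cfg does not deliver what was requested."""
    findings = []
    if "deny-all-ingress" in requested.get("networkPolicy", []):
        covered = {p.get("metadata", {}).get("namespace")
                   for p in cfg.get("networkPolicies", [])
                   if is_default_deny_ingress(p)}
        for ns in namespaces:
            if ns not in covered:
                findings.append(f"networkPolicy: no default-deny ingress in {ns}")
    if "least-privilege" in requested.get("rbac", []):
        for role in cfg.get("rbacConfigurations", []):
            name = role.get("metadata", {}).get("name", "<unnamed>")
            for rule in role.get("rules", []):
                for key in ("apiGroups", "resources", "verbs"):
                    if "*" in rule.get(key, []):
                        findings.append(f"rbac: {name} has wildcard {key}")
    if "restricted" in requested.get("podSecurity", []):
        pss = cfg.get("podSecurityStandards", {})
        for mode in ("enforce", "audit", "warn"):
            if pss.get(mode) != "restricted":
                findings.append(f"podSecurity: {mode}={pss.get(mode)!r}")
    return findings

# Constructed inputs, modelled on the Sample Request and Sample Response.
REQUESTED = {"networkPolicy": ["deny-all-ingress"], "rbac": ["least-privilege"],
             "podSecurity": ["restricted"]}
SAMPLE_CFG = {
    "networkPolicies": [{"kind": "NetworkPolicy",
                         "metadata": {"name": "default-deny-ingress",
                                      "namespace": "default"},
                         "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}],
    "rbacConfigurations": [{"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
                            "rules": [{"apiGroups": [""], "resources": ["pods"],
                                       "verbs": ["get", "list"]}]}],
    "podSecurityStandards": {"enforce": "restricted", "audit": "restricted",
                             "warn": "restricted"},
}

if __name__ == "__main__":
    # "payments" is a hypothetical second namespace the cluster also runs.
    for f in audit_hardening_config(SAMPLE_CFG, REQUESTED, ["default", "payments"]):
        print(f)
```

A NetworkPolicy is namespaced, so the single default-deny object in the sample response protects only the `default` namespace; the check reports every other namespace passed in.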

Endpoints

GET /

Health check endpoint to verify API availability.

Method: GET

Path: /

Description: Returns service health status and basic API information.

Parameters: None

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {} (empty object or service status metadata)

POST /api/hardening/generate

Generate OpenShift security hardening configuration files based on specified security requirements.

Method: POST

Path: /api/hardening/generate

Description: Accepts hardening options and generates complete, production-ready OpenShift security configuration files including network policies, RBAC rules, pod security standards, and encryption settings.

Request Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| sessionId | string | Yes | Unique session identifier for tracking and audit purposes |
| userId | integer | No | Optional user identifier for multi-tenant tracking |
| timestamp | string | Yes | ISO 8601 formatted timestamp of the request |
| hardeningOptions | object | Yes | Dictionary mapping hardening categories to arrays of specific options (e.g., {"networkPolicy": ["deny-all-ingress"], "rbac": ["least-privilege"]}) |

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {
  "status": "success",
  "sessionId": "string",
  "timestamp": "string",
  "hardeningConfig": {
    "networkPolicies": [...],
    "rbacConfigurations": [...],
    "podSecurityStandards": {...},
    "securityPolicies": {...}
  },
  "configFiles": {
    "count": integer,
    "formats": ["yaml", "json"],
    "downloadUrl": "string"
  },
  "complianceMapping": {
    "frameworks": [...],
    "coveragePercentage": integer
  }
}

Error Response (422):

Status: 422 Unprocessable Entity
Content-Type: application/json
Body: {
  "detail": [
    {
      "loc": ["body", "hardeningOptions"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

GET /api/hardening/options

Retrieve all available hardening options and categories supported by the tool.

Method: GET

Path: /api/hardening/options

Description: Returns a comprehensive list of all available hardening options organized by category, including descriptions and compatibility information for different OpenShift versions.

Parameters: None

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {
  "categories": {
    "networkPolicy": {
      "options": [
        {"id": "deny-all-ingress", "description": "...", "versions": ["4.10+"]},
        {"id": "allow-dns", "description": "...", "versions": ["4.10+"]}
      ]
    },
    "rbac": {
      "options": [
        {"id": "least-privilege", "description": "...", "versions": ["4.10+"]},
        {"id": "service-account-restriction", "description": "...", "versions": ["4.10+"]}
      ]
    },
    "podSecurity": {...},
    "imageSecurity": {...},
    "encryption": {...}
  },
  "metadata": {
    "totalOptions": integer,
    "lastUpdated": "string"
  }
}

Pricing

| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

  • Kong Route: https://api.mkkpro.com/hardening/openshift
  • API Documentation: https://api.mkkpro.com:8144/docs

Version History

1 version in total

  • v1.0.0 (current)
    2026-05-07 15:28, safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

suspicious
