SUSE / suse-best-practices

SUSE Best Practices documentation series

[doc] Issue in "Edge Integration Cell on SUSE" #457

Open smangelkramer opened 3 weeks ago

smangelkramer commented 3 weeks ago

Edge Integration Cell on SUSE:

https://documentation.suse.com/sbp/sap-other/html/SAP-EIC/index.html#

Your document does not mention any settings regarding RKE2 Security. Only a screenshot shows a ‘default’ policy.

We usually harden our RKE2 clusters completely according to CIS and others - this includes the following spec of the kind: Cluster

spec:
  ...
  defaultClusterRoleForProjectMembers: user
  defaultPodSecurityAdmissionConfigurationTemplateName: rancher-restricted
  enableNetworkPolicy: true
  kubernetesVersion: v1.29.9+rke2r1
  ...

However, SAP Services and especially Istio seem to require some capabilities or extended rights.

These should be listed in technical documentation. Above all, a fundamental hardening of the installations - especially in this environment - is not an option but a necessary measure.

Another question is whether it would not make more sense to use existing operators for PostgreSQL and Redis - especially as these would make this point ( https://documentation.suse.com/sbp/sap-other/html/SAP-EIC/index.html#selfSignedCertificates ) elegantly obsolete.

Best regards Sebastian
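
Added example, not part of the issue thread or the SUSE documentation: a small Python check that lists which containers in a pod spec would be rejected by a subset of the container-level rules of the Kubernetes Pod Security Standards "restricted" profile, which is the kind of list the comment above asks the documentation to provide. The sample pod and the `mesh-init` container are constructed assumptions, not values taken from the EIC guide.

```python
# Added example: a subset of the Pod Security Standards "restricted" rules
# (securityContext fields only; host namespaces and volume types are not checked).
ALLOWED_ADD = {"NET_BIND_SERVICE"}  # the only capability "restricted" lets a container add

def restricted_violations(pod_spec):
    """Return sorted (container, finding) tuples for a pod spec given as a dict."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        name, caps = c["name"], sc.get("capabilities") or {}
        if sc.get("privileged"):
            findings.append((name, "privileged must not be true"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation must be false"))
        if "ALL" not in (caps.get("drop") or []):
            findings.append((name, "capabilities.drop must include ALL"))
        for cap in sorted(set(caps.get("add") or []) - ALLOWED_ADD):
            findings.append((name, f"capabilities.add {cap} not allowed"))
        # runAsNonRoot, runAsUser and seccompProfile may be inherited from the pod level
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((name, "runAsNonRoot must be true"))
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            findings.append((name, "runAsUser must not be 0"))
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            findings.append((name, "seccompProfile must be RuntimeDefault or Localhost"))
    return sorted(findings)

SAMPLE_POD = {  # constructed sample, not taken from the EIC documentation
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [{
        "name": "mesh-init",  # hypothetical init container that programs iptables rules
        "securityContext": {
            "runAsNonRoot": False, "runAsUser": 0, "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN", "NET_RAW"]},
        },
    }],
    "containers": [{
        "name": "app",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

if __name__ == "__main__":
    for container, finding in restricted_violations(SAMPLE_POD):
        print(f"{container}: {finding}")
```

Running it against rendered manifests (converted to dicts) gives a per-container list of the exemptions a workload would need under a restricted Pod Security Admission template.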

chabowski commented 2 weeks ago

@smangelkramer Hi Sebastian, thanks very much for reaching out to us!

@Suse-KevinKlinger @dmathern86 would you mind having a look and responding? Thank you!

smangelkramer commented 2 weeks ago

@dmathern86 and I will meet in Frankfurt today at SUSE summit 24. This will be productive I think ;-)