[doc] Issue in "Edge Integration Cell on SUSE"

[smangelkramer]

Edge Integration Cell on SUSE:

https://documentation.suse.com/sbp/sap-other/html/SAP-EIC/index.html#

Your document does not mention any settings regarding RKE2 Security. Only a screenshot shows a ‘default’ policy.

We usually harden our RKE2 clusters completely according to CIS and others - this includes the following spec of the kind: Cluster

spec:
   ...
  defaultClusterRoleForProjectMembers: user
  defaultPodSecurityAdmissionConfigurationTemplateName: rancher-restricted
  enableNetworkPolicy: true
  kubernetesVersion: v1.29.9+rke2r1
  ... 

However, SAP Services and especially Istio seem to require some capabilities or extended rights.

These should be listed in technical documentation. Above all, a fundamental hardening of the installations - especially in this environment - is not an option but a necessary measure.

Another question is whether it would not make more sense to use existing operators for PostgreSQL and Redis - especially as these would make this point ( https://documentation.suse.com/sbp/sap-other/html/SAP-EIC/index.html#selfSignedCertificates ) elegantly obsolete.

Best regards
Sebastian

[chabowski]

@smangelkramer Hi Sebastian, thanks very much for reaching out to us!

@Suse-KevinKlinger @dmathern86 would you mind having a look and respond? Thank you!

[smangelkramer]

@dmathern86 and I will meet in Frankfurt today at SUSE summit 24. This will be productive i think ;-)