DC/OS Open Source Security

Managing security in your datacenter using DC/OS Open Source

Ensure the network is set up according to the information for securing your cluster.

All access management in DC/OS is done via the DC/OS Identity and Access Manager (IAM). This includes user account management, login, and authentication token distribution. The IAM provides an HTTP API for managing user accounts in a RESTful fashion.

Authentication tokens can be obtained using OpenID Connect 1.0, which is an identity layer built on top of the OAuth 2.0 protocol.

Local user and service accounts can be configured for logging in without external dependencies and for automating authentication against the cluster in a secure manner.

Further reading

• Let’s encrypt DC/OS!: a blog post about using Let’s Encrypt with services running on DC/OS.

Future work

We are looking forward to working with the DC/OS community on improving existing security features as well as on introducing new ones in the coming releases.

Next Steps

• Understand DC/OS security
• Learn how to monitor a DC/OS cluster

[

User Account Management

Managing DC/OS user accounts

]($6f993d4ef456ca62.md)[

Login

Logging in to your DC/OS cluster

]($966d24a0bb7f5a84.md)[

Authentication

Authenticating users against DC/OS

]($a905a9a44ef1cea5.md)[

Secure computing profiles

ENTERPRISE

Describes how to configure DC/OS to work with Linux secure computing (seccomp) profiles

]($4f696c6d8b4a4eb8.md)[

Identity and Access Management API

Using the DC/OS Identity and Access Management API

]($184cadc558abb848.md)[

HAProxy and Admin Router

Configuring HAProxy in front of an Admin Router

]($3e2190b85b7bcb82.md)