CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
typhoon/docs/topics/security.md

53 lines
2.5 KiB
Markdown
Raw Normal View History

README: Add IRC link, CHANGES.md, and minor fixes
2017-09-23 22:02:18 +02:00
# Security
Typhoon aims to be minimal and secure. We're running it ourselves after all.
docs: Add details about security features
2017-10-02 06:38:52 +02:00
## Overview
**Kubernetes**
* etcd with peer-to-peer and client-auth TLS
* Generated kubelet TLS certificates and `kubeconfig` (365 days)
* [Role-Based Access Control](https://kubernetes.io/docs/admin/authorization/rbac/) is enabled. Apps must define RBAC policies
* Workloads run on worker nodes only, unless they tolerate the master taint
* Kubernetes [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) and Calico [Policy](https://docs.projectcalico.org/latest/reference/calicoctl/resources/policy) support [^1]
Add new tutorial docs and links
2018-08-27 08:39:41 +02:00
[^1]: Requires `networking = "calico"`. Calico is the default on AWS, bare-metal, and Google Cloud. Azure and Digital Ocean are limited to `networking = "flannel"`.
docs: Add details about security features
2017-10-02 06:38:52 +02:00
**Hosts**
* Container Linux auto-updates are enabled
* Hosts limit logins to SSH key-based auth (user "core")
**Platform**
* Cloud firewalls limit access to ssh, kube-apiserver, and ingress
* No cluster credentials are stored in Matchbox (used for bare-metal)
* No cluster credentials are stored in Digital Ocean metadata
* Cluster credentials are stored in AWS metadata (for ASGs)
Add new tutorial docs and links
2018-08-27 08:39:41 +02:00
* Cluster credentials are stored in Azure metadata (for scale sets)
* Cluster credentials are stored in Google Cloud metadata (for managed instance groups)
docs: Add details about security features
2017-10-02 06:38:52 +02:00
* No account credentials are available to Digital Ocean droplets
Add new tutorial docs and links
2018-08-27 08:39:41 +02:00
* No account credentials are available to AWS EC2 instances (no IAM permissions)
* No account credentials are available to Azure instances (no IAM permissions)
* No account credentials are available to Google Cloud instances (no IAM permissions)
docs: Add details about security features
2017-10-02 06:38:52 +02:00
## Precautions
Typhoon limits exposure to many security threats, but it is not a silver bullet. As usual,
* Do not run untrusted images or accept manifests from strangers
* Do not give untrusted users a shell behind your firewall
* Define network policies for your namespaces
## OpenPGP Signing
README: Add IRC link, CHANGES.md, and minor fixes
2017-09-23 22:02:18 +02:00
Mention Fedora Atomic system container artifacts * Typhoon for Fedora Atomic uses system containers, container images containing metadata, but built directly from upstream and published and serve through Quay.io * https://github.com/poseidon/system-containers
2018-08-22 06:52:52 +02:00
Typhoon uses upstream container images and binaries. We do not distribute artifacts of our own, except where required for system container images ([etcd](https://quay.io/repository/poseidon/etcd), [kubelet](https://quay.io/repository/poseidon/kubelet), [bootkube](https://quay.io/repository/poseidon/bootkube)) for Fedora Atomic only.
If you find artifacts claiming to be from Typhoon, please send a note.
README: Add IRC link, CHANGES.md, and minor fixes
2017-09-23 22:02:18 +02:00
## Disclosures
docs: Add details about security features
2017-10-02 06:38:52 +02:00
If you find security issues, please email dghubble at gmail. If the issue lies in upstream Kubernetes, please inform upstream Kubernetes as well.
README: Add IRC link, CHANGES.md, and minor fixes
2017-09-23 22:02:18 +02:00