Security Self-Assessment: [STRIDE-MULTIPLE] Cluster API Cloud Provider Security Guidance

kubernetes-sigs / cluster-api

Home for Cluster API, a subproject of sig-cluster-lifecycle

https://cluster-api.sigs.k8s.io

Apache License 2.0

3.45k stars 1.27k forks source link

Security Self-Assessment: [STRIDE-MULTIPLE] Cluster API Cloud Provider Security Guidance #6519

Open PushkarJ opened 2 years ago

PushkarJ commented 2 years ago

User Story

As a cloud provider I would like to know how to support Cluster API securely.

Detailed Description

Ensure credentials used by Cluster API are least privileged and setting access control on Cluster API controller namespaces to prevent unauthorized access by anyone other than cloud admin.
Implement 2FA for all maintainer accounts on Github. Apply the second pair of eyes principle when performing privileged actions such as image building or updates to the contents of the machine images.
Use short-lived credentials that are auto-renewed using node level attestation
Implement rate limits for creation, deletion and update of cloud resources
Any cloud resource not linked to a cluster after a fixed configurable period of time created by these cloud credentials, should be auto-deleted or marked for garbage collection

Related: https://github.com/kubernetes/sig-security/pull/40 /kind feature /area security /sig security

fabriziopandini commented 2 years ago

/milestone v1.2 Thanks for filing this issue; probably this should be divided into smaller issues, some of them to be addressed by providers @yastij

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

fabriziopandini commented 1 year ago

/lifecycle frozen /triage accepted /help

Still a valid point to document some general best practices, but providing specific guidance for each cloud infrastructure should be addressed by cloud providers

k8s-triage-robot commented 5 months ago

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

Confirm that this issue is still relevant with /triage accepted (org members only)
Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

fabriziopandini commented 3 months ago

/priority backlog

fabriziopandini commented 2 months ago

What we need is a new page in the book under security with the list of points from the description above.

/remove-help /good-first issue