Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First draft of security doc covering minion/etcd isolation #859

Merged
merged 1 commit into from
Aug 13, 2014
Merged

First draft of security doc covering minion/etcd isolation #859

merged 1 commit into from
Aug 13, 2014

Conversation

smarterclayton
Copy link
Contributor

Covers topics raised in #846 at a high level.

@lavalamp
Copy link
Member

An additional paragraph about how a scheduler should be constrained might be handy.

@erictune might be relevant to the doc you're working on.

@smarterclayton smarterclayton mentioned this pull request Aug 12, 2014
Merged
@derekwaynecarr
Copy link
Member

LGTM - I prefer this approach over direct access to etcd from each minion.

@erictune
Copy link
Member

LGTM

erictune added a commit that referenced this pull request Aug 13, 2014
@erictune
Merge pull request #859 from smarterclayton/add_security_doc
b8ac709 
First draft of security doc covering minion/etcd isolation
@erictune erictune merged commit b8ac709 into kubernetes:master Aug 13, 2014
pchico83
pchico83 reviewed Aug 13, 2014
View reviewed changes
docs/security.md

1. Ensure a clear isolation between container and the underlying host it runs on
2. Limit the ability of the container to negatively impact the infrastructure or other containers
3. [Principle of Least Privilege](http://en.wikipedia.org/wiki/Principle_of_least_privilege) - ensure components are only authorized to perform the actions they need, and limit the scope of a compromise by limiting the capabilities of individual components
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will help etcd-io/etcd#91

smarterclayton added a commit to smarterclayton/kubernetes that referenced this pull request Aug 23, 2014
@smarterclayton
Proposal: Isolate kubelet from etcd
e54e076 
Discusses the current security risks posed by the kubelet->etcd pattern
and discusses some options.

Triggered by kubernetes#846 and referenced in kubernetes#859
@erictune erictune mentioned this pull request Sep 12, 2014
Closed
smarterclayton added a commit to smarterclayton/kubernetes that referenced this pull request Jan 4, 2015
@smarterclayton
Proposal: Isolate kubelet from etcd
99977ce 
Discusses the current security risks posed by the kubelet->etcd pattern
and discusses some options.

Triggered by kubernetes#846 and referenced in kubernetes#859
@smarterclayton smarterclayton deleted the add_security_doc branch February 11, 2015 02:21
vishh added a commit to vishh/kubernetes that referenced this pull request Apr 6, 2016
@vishh
Merge pull request kubernetes#859 from mikedanese/go1.5
5d30b67 
use vanity domain for gcloud-golang
xingzhou pushed a commit to xingzhou/kubernetes that referenced this pull request Dec 15, 2016
@smarterclayton
Proposal: Isolate kubelet from etcd
606dcf1 
Discusses the current security risks posed by the kubelet->etcd pattern
and discusses some options.

Triggered by kubernetes#846 and referenced in kubernetes#859
b3atlesfan pushed a commit to b3atlesfan/kubernetes that referenced this pull request Feb 5, 2021
@tomdee
Merge pull request kubernetes#859 from tomdee/remove-aci
34f17ae 
Makefile: Stop building ACIs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@smarterclayton @lavalamp @derekwaynecarr @erictune @pchico83