Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure sensitive bootstrap data #915

Open
CecileRobertMichon opened this issue Aug 31, 2020 · 14 comments
Open

Secure sensitive bootstrap data #915

CecileRobertMichon opened this issue Aug 31, 2020 · 14 comments
Assignees
@shysank @sonasingh46
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@CecileRobertMichon
Copy link
Contributor

CecileRobertMichon commented Aug 31, 2020
edited
Loading

/kind feature

Describe the solution you'd like
[A clear and concise description of what you want to happen.]

CAPI generates sensitive cluster data (such as private keys) for the apiserver, etcd, etc. These are stored as secrets in Kubernetes. The kubeadm bootstrapper copies the contents of the secrets into bootstrap data in the KubeadmConfig resource, which is then copied into the Machine resource.
from kubernetes-sigs/cluster-api#1739

CAPZ uses this bootstrap data as the user data for the VM/VMSS. If a user has read-only access to the VM via Azure API, this could grant them access to the user data, and therefore access to the sensitive data.

Azure recommends not placing any sensitive values in custom data https://docs.microsoft.com/en-us/azure/virtual-machines/custom-data#can-i-place-sensitive-values-in-custom-data.

We should secure the bootstrap data, for example by using Azure keyvault storage to store the data such that only the VM has access to that data, but not a user that has access to the VM.

/priority important-longterm
/milestone next

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • cluster-api-provider-azure version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):
@k8s-ci-robot k8s-ci-robot added this to the next milestone Aug 31, 2020
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Aug 31, 2020
@jsturtevant
Copy link
Contributor

for example by using Azure keyvault storage to store the data such that only the VM has access to that data, but not a user that has access to the VM.

By "user that has access to the VM", do you mean access to the physical VM or the azure resource via the ARM api? I believe the files would still need to have to live on the VM it's self for kubeadm to do it's job?

@CecileRobertMichon
Copy link
Contributor Author

By "user that has access to the VM", do you mean access to the physical VM or the azure resource via the ARM api? I believe the files would still need to have to live on the VM it's self for kubeadm to do it's job?

The latter. Updated that sentence for clarity, thanks!

@nader-ziada nader-ziada modified the milestones: next, v0.4.9 Sep 3, 2020
@devigned
Copy link
Contributor

/assign

@CecileRobertMichon CecileRobertMichon modified the milestones: v0.4.9, v0.4.10 Oct 1, 2020
@CecileRobertMichon
Copy link
Contributor Author

/milestone next

@k8s-ci-robot k8s-ci-robot modified the milestones: v0.4.10, next Oct 1, 2020
@CecileRobertMichon CecileRobertMichon modified the milestones: next, v0.5.x Nov 12, 2020
@shysank
Copy link
Contributor

shysank commented Nov 16, 2020

/assign

@CecileRobertMichon
Copy link
Contributor Author

@shysank prefer starting work on this I would recommend reaching out to @randomvariable because some of this work might overlap with kubernetes-sigs/cluster-api#3761

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 14, 2021
@CecileRobertMichon
Copy link
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 16, 2021
@CecileRobertMichon
Copy link
Contributor Author

/remove-lifecycle stale

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 17, 2021
@CecileRobertMichon
Copy link
Contributor Author

/remove-lifecycle stale
/lifecycle frozen

Handled as part of kubernetes-sigs/cluster-api#4219

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 18, 2021
@k8s-ci-robot k8s-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label May 18, 2021
@nader-ziada nader-ziada modified the milestones: v0.5.x, v0.5 Aug 26, 2021
@CecileRobertMichon CecileRobertMichon modified the milestones: v0.5, next Oct 28, 2021
@sedefsavas sedefsavas mentioned this issue Mar 10, 2022
Open
@shysank shysank mentioned this issue Mar 23, 2022
Closed
3 tasks
@sonasingh46
Copy link
Contributor

/assign sonasingh46

@mboersma
Copy link
Contributor

/milestone v1.6

@k8s-ci-robot k8s-ci-robot modified the milestones: next, v1.6 Sep 29, 2022
@jackfrancis jackfrancis modified the milestones: v1.6, next Nov 3, 2022
@sonasingh46 sonasingh46 mentioned this issue Dec 15, 2022
Merged
3 tasks
@dtzar dtzar mentioned this issue Jan 4, 2023
Open
@dtzar
Copy link
Contributor

dtzar commented Apr 4, 2023

@sonasingh46 - where are we at with this one?

@dtzar dtzar removed this from the next milestone May 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shysank shysank

@sonasingh46 sonasingh46

Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
CAPZ Planning
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Secure bootstrapping for capz machines shysank/cluster-api-provider-azure