Does Kubernetes (installed using KOPS 1.10+), as a client, perform TLS validation, and in what form? This scopes any and all connections between the Kubernetes nodes, as well as connection to external TLS/HTTPS services, if applicable. What root CA does the client trust? Does the client perform certificate validity and signature check? Hostname check? Etc.
Honestly, there are multiple strategies used, and it's possible to override validation. Kops doesn't configure all the validation it could & should, and I'm proposing that we make kops the most secure configuration available.
There's a great list in #6150, so I'd like to track these efforts there. I'll close this, if that's OK!
Hello, thanks for the response. I see the CIS benchmark mentioned in #6150 as helpful, but do not see a straightforward mapping to this question. Which settings affect which TLS connections and in which way?