Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Agent: Add grpctls proxy API endpoints
This commit is an initial step towards mitigating the risk of untrustworthy host systems when running Kata Containers in the context of confidential computing. It serves to safeguard against malicious, privileged users gaining access to the vulnerable Kata control plane. In scenarios where a malicious cloud service provider or administrator might intercept or compromise commands from the Kata control plane, tamper with container configuration files, execute processes within the container, retrieve workload statistics, or obtain sensitive container workload information, this protective measure becomes crucial. This commit addresses the following open issues: [Securing the Kata Control Plane](confidential-containers/confidential-containers#53) and RFC: Separate trust realms for tenant and host kata-containers#1834. A detail history can be found in: https://github.com/ray-valdez/kata-containers/tree/split-api-feature. The commit introduces a new split API mode in the kata-agent, which partitions the kata-agent’s API endpoints between h**ost-side** and **owner-side** controllers. When this mode is enabled, the host-side controller is restricted to manage resource allocation during startup and resource recycling at termination. In contrasts, the owner-side controller allows workload owners to directly manage theIR deployment pod and containers. This partitioning implicitly labels kata-agent’s endpoint APIs as _host-exclusive_, _owner-exclusive_, or _shared_. Host-exclusive and owner-exclusive APIs are assigned specifically to either the host-side or owner-side. For instance, `CreateSandbox` and `DestroySandbox` are examples of host-exclusive APIs, while `CopyFile` and `ExecProcess` are examples of owner-exclusive APIs. Shared APIs include those that must be shared to some extent between the control planes, such as `GetOOMEvent` and `GetGuestDetails`. This commit focuses on providing a secure channel for the owner-side to access owner-exlusive and shared APIs. Future commit(s) will restrict the host-side access to owner-exclusive APIs when split mode is enabled on the kata-agent and will address the sharing of APIs between host-side and owner-side. This commit implements the following changes: - Introduces the split mode to the kata-agent. - Integrates a gRPC TLS server to handle API requests from the owner-side. We refer to this as the kata-agent’s API proxy server which ensures that workload owners can establish a secure end-to-end communication channel with the kata-agent tor invoking API endpoint commands. - Utilizes the Key Broker Service (KBS) to provision secrets, i.e., cryptographic public and private key pairs, These secrets are crucial for establishing a secure communication channel between the owner-side and the API proxy server. To enable split mode functionality, the following steps are required: 1. Configuration: Modify the `kernel_params` option in the Kata's configuration.toml file to enable split mode and specify the IP address of the KBS. - Add following settings to the `kernel_params` option: `agent.split_api=true` and `agent.aa_kbc_params=cc_kbc::http://[IP_ADDRESS]:[PORT]`. 2. Dependency on KBS: The kata-agent relies on the KBS to provision cryptographic keys to the split API proxy server, facilitating the establishment of a secure channel. - Generate TLS keys and certificates for kata-agent’s API proxy server and client (owner-side) ``` $ KATA_DIR=”<PATH to cloned repo>” $ pushd ${KATA_DIR}/src/agent/grpc_tls_keys $ ./gen_key_cert.sh ``` - Create a zip file named 'tls-keys.zip' containing the CA public key and the server’s public and private key pair ` $ zip tls-keys.zip server.pem server.key ca.pem` - Place this zip file in the KBS resource path '/default/tenant-keys/'. During sandbox creation, the kata-agent retrieves this file using the KBS 'get resource' API. It's important to note that the KBS conducts a background check on the key request, verifying evidence provided by the Trusted Execution Environment (TEE). Future extensions to the KBS will automate the creation of the server’s public and private key pair for each sandbox. ` $ popd` To exercise the API proxy server, we provide the Kata Containers agent TLS control tool (kata-agent-tls-ctl), derived from the kata-agent-ctl tool in another commit. This tool communicates over a gRPC TLS channel with the kata-agent. Similar to the kata-agent-ctl, this is a low level tool that is intended for advanced users. Future commit(s) will introduce a more user-friendly tool that maintains state, designed to function as a kubectl plugin for managing owners’ workloads. Examples of creating and starting a container using kata-agent-tls-ctl: Setup environment ``` $ export guest_addr=10.89.0.28 # IP address associated with the confidential VM $ export guest_port=50090 # API proxy server’s port (listens on) $ export ctl=./target/x86_64-unknown-linux-musl/release/kata-agent-tls-ctl $ export key_dir=${KATA_DIR}/src/agent/grpc_tls_key ``` Display the status of containers in the sandbox environment ``` $ ${ctl} -l trace connect --key-dir "${key_dir}" --bundle-dir "${bundle_dir}" \ --server-address "ipaddr://${guest_addr}:${guest_port}" \ -c "ListContainers" ``` Set a container ID and specify an OCI spec: ``` $ container_id=9e3d1d4750e4e20945d22c358e13c85c6b88922513bce2832c0cf403f065dc6 $ OCI_SPEC_CONFIG=${KATA_DIR}/src/tools/agent-tls-ctl/config.json ``` _Note: the next two commands require pull_image support in the guest!_ **Create container request** ``` $ ${ctl} -l trace connect --key-dir "${key_dir}" --bundle-dir "${bundle_dir}" \ --server-address "ipaddr://${guest_addr}:${guest_port}" \ -c "CreateContainer cid=${container_id} spec=file:///${OCI_SPEC_CONFIG}" ``` **Start container request** ``` $ ${ctl} -l trace connect --no-auto-values --key-dir "${key_dir}" --bundle-dir "${bundle_dir}" \ --server-address "ipaddr://${guest_addr}:${guest_port}" \ -c "StartContainer json://{\"container_id\": \"${container_id}\"}" ``` Fixes: kata-containers#1834
- Loading branch information