-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] vsphere cloud provider configuration should use secrets for credentials #194
Comments
I agree, actually I also noticed this problem when I tried the cluster api first time. |
In the cluster.yaml file, I am thinking if we need to use fernet to encrypt the vsphere credential. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle rotten |
Currently the cloud config that we generate as
/etc/kubernetes/cloud-config/cloud-config.yaml
file on the master node contains the vsphere credentials in plain text format. vsphere cloud provider supports providing these sensitive credentials via secrets out of the box. (for e.g see the test case here). Note that this approach is supported by both in-tree and out-of-tree version of the vsphere cloud provider.We need to move towards setting the vcenter credentials via secrets for the consumption of the vsphere cloud provider configuration.
However, the only catch here is that today we use kubeadm to setup and configure the kubernetes service with the vsphere cloud provider. Thus, within the workflow if kubeadm we do not have a means to create the secret needed for the vsphere cloud provider prior to starting it. Thus we would need to overcome this limitation somehow.
Note: This issue is different that #9 as that is related to credentials stored as part of the cluster-api objects and this issue is about consumption of the credentials for the vsphere cloud provider that we configure for the target cluster.
The text was updated successfully, but these errors were encountered: