Kubernetes pod and namespace security model #4029
Also references #4126
Will look at it Monday when I return to work.
* are less focused about application security | ||
* Administrators: | ||
* are less focused on application security. Focused on operation system security. |
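Review bot: the added Administrators bullet in this hunk is a sentence fragment: "Focused on operation system security." has no subject, and "operation" should be "operating". Suggest folding it into the preceding clause, e.g. "* are less focused on application security and more focused on operating system security."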
s/operation/operating
Minor typos, and we will need to come back to a discussion of how practical 4b and 4c are. But LGTM.
This proposed update to docs/design/security.md includes proposals on how to ensure containers have consistent Linux security behavior across nodes, how containers authenticate and authorize to the master and other components, and how secret data could be distributed to pods to allow that authentication. References concepts from kubernetes#3910, kubernetes#2030, and kubernetes#2297 as well as upstream issues around the Docker vault and Docker secrets.
96cd956 to 358d1ab
Comments and questions updated.
You might be interested in this recent security design for etcd. Would be interesting to get your feedback there: etcd-io/etcd#2384
This proposed update to docs/design/security.md includes proposals
on how to ensure containers have consistent Linux security behavior
across nodes, how containers authenticate and authorize to the master
and other components, and how secret data could be distributed to
pods to allow that authentication.
References concepts from #3910, #2030, and #2297 as well as upstream issues
around the Docker vault and Docker secrets.
Pulled together to frame the discussion from #3910 as a cross-Kubernetes
concept, as per @erictune.