Add more detail about security risks and mitigation strategies for checkpointing containers #41638

Closed
Nitishupkr opened this issue Jun 14, 2023 · 14 comments
Labels
  • kind/feature: Categorizes issue or PR as related to a new feature.
  • language/en: Issues or PRs related to English language
  • lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
  • needs-triage: Indicates an issue or PR lacks a `triage/foo` label and requires one.
  • priority/backlog: Higher priority than priority/awaiting-more-evidence.
  • sig/node: Categorizes an issue or PR as relevant to SIG Node.
  • sig/security: Categorizes an issue or PR as relevant to SIG Security.

Comments

@Nitishupkr

More information about the security implications of checkpointing containers. As mentioned in the documentation, checkpointing a container creates a stateful copy of the container's memory, which could contain sensitive data. It is important to be aware of this security risk and to take steps to protect sensitive data when checkpointing containers.

@Nitishupkr added the kind/feature label on Jun 14, 2023
@k8s-ci-robot added the needs-triage label on Jun 14, 2023
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Nitishupkr changed the title from "More information about the security implications of checkpointing containers" to "More information about the security implications of checkpointing containers in kubelet-checkpoint-api.md" on Jun 14, 2023
@Nitishupkr
Author

/triage accepted

@k8s-ci-robot
Contributor

@Nitishupkr: The label triage/accepted cannot be applied. Only GitHub organization members can add the label.

In response to this:

/triage accepted


@dipesh-rawat
Member

Page related to issue: https://kubernetes.io/docs/reference/node/kubelet-checkpoint-api/
/language en

@k8s-ci-robot added the language/en label on Jun 14, 2023
@dipesh-rawat
Member

/retitle Add more detail about security risks and mitigation strategies for checkpointing containers

@k8s-ci-robot changed the title from "More information about the security implications of checkpointing containers in kubelet-checkpoint-api.md" to "Add more detail about security risks and mitigation strategies for checkpointing containers" on Jun 14, 2023
@Nitishupkr
Author

Assign me, I will raise a PR for this soon @dipesh-rawat

@utkarsh-singh1
Contributor

Hi @Nitishupkr, you can assign any issue to yourself by just writing this label: [ /assign ] without brackets in the comment.

@Nitishupkr
Author

/assign

@sftim
Contributor

sftim commented Jun 15, 2023

/sig security

/priority backlog
(because checkpoints are an optional alpha feature)

@k8s-ci-robot added the sig/security and priority/backlog labels on Jun 15, 2023
@sftim
Contributor

sftim commented Jun 18, 2023

/sig node

@k8s-ci-robot added the sig/node label on Jun 18, 2023
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot added the lifecycle/stale label on Jan 22, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot added the lifecycle/rotten label and removed the lifecycle/stale label on Feb 21, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

@k8s-ci-robot closed this as not planned on Mar 22, 2024
@k8s-ci-robot
Contributor

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".


6 participants