add k8gb security self-assessment #1446
Conversation
Signed-off-by: Bradley Andersen <[email protected]>
✅ Deploy Preview for tag-security ready!
Co-authored-by: Justin Cappos <[email protected]> Signed-off-by: Bradley Andersen <[email protected]>
from https://github.com/k8gb-io/k8gb/pull/1820/commits Signed-off-by: Bradley Andersen <[email protected]>
This issue has been automatically marked as inactive because it has not had recent activity.
/fresh @JustinCappos @eddie-knight what's left for the k8gb folk to do here please?

Do they want a joint assessment done or just to have this merged? I looked and it seems they addressed my comments. It has a ways to go before being ready for a joint assessment, but is fine to merge.
JustinCappos left a comment
After these issues are addressed, I will approve merging as a self assessment. If there is something you don't want to address or can't, feel free to discuss and we can merge without this change.
If you want a joint assessment (for incubation), then after completing this, you also need to fill out issue template to start that process.
| ### Future state | ||
| If k8gb is not compliant with any standards, note that here. Why is k8gb not compliant with any standards, and why that is the case. Will it need to be compliant in the future? |
This should be updated with actual content
| ## Overview | ||
| k8gb is implemented using the Kubernetes operator pattern with a single CRD to enable Global Load Balancing. k8gb provides independent GSLB capability to any Ingress or Service without a dedicated management cluster, instead relying on timeproof DNS. k8gb has no single point of failure, and uses Kubernetes native application health checks (such as liveness and readiness probes) to update DNS to aid in load balancing decisions. |
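Review bot: "timeproof DNS" is not a recognised term and the "single CRD" is never named, so a reader cannot tell from this paragraph which object they create or what guarantee "timeproof" is meant to convey. Suggest naming the CRD, expanding GSLB (Global Server Load Balancing) on first use, and stating plainly that every load-balancing decision in this design is expressed as a DNS record update driven by the Kubernetes health checks mentioned in the last sentence, since that is the property the rest of the assessment's threat discussion depends on.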
need to define acronyms the first time they are used
To be honest, I don't clearly understand what you're doing from this. There are too many new terms and not enough context. I read a fair amount of your docs and have a better understanding, but this should be clearer.
| Provide secure default configurations and documentation to help users deploy K8GB in a way that aligns with Kubernetes security best practices. | ||
| These goals aim to make K8GB a reliable and secure solution for global load balancing while minimizing risks and ensuring trust in the project's artifacts. | ||
I would assume you actually want to route traffic to only the correct places, balance it according to the policies specified, etc.
| #### Traffic Handling and TLS Termination: | ||
| k8gb does not pass application traffic through itself or handle TLS/HTTP connections directly. These responsibilities are offloaded to referenced networking resources, such as Kubernetes Ingress controllers or service meshes. |
So, it directs requests for a DNS name. This certainly (indirectly) impacts the sorts of issues you describe, right?
| This document serves to provide k8gb users with an initial understanding of k8gb's security, where to find existing security documentation, k8gb plans for security, and general overview of k8gb security practices, both for development of k8gb as well as security of k8gb. | ||
| This document provides the CNCF TAG-Security with an initial understanding of k8gb to assist in a joint-assessment, necessary for projects under incubation. Taken together, this document and the joint-assessment serve as a cornerstone for if and when k8gb seeks graduation and is preparing for a security audit. |
All the TAG Security mentions should use the new name TAG Security and Compliance
| | Component | Applicability | Description of Importance | | ||
| | --------- | ------------- | ------------------------- | | ||
| | DNS-Based Traffic Management| `Critical`| k8gb uses DNS for global load balancing and failover, ensuring that traffic is routed to healthy clusters without passing through k8gb itself. This design minimizes the attack surface and reduces the risk of traffic interception or manipulation. | |
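Review bot: the claim in the DNS-Based Traffic Management row that routing via DNS "reduces the risk of traffic interception or manipulation" lacks both a comparison point and a caveat. Because, per this row, every routing decision is expressed as a DNS answer rather than handled by an in-path component, the published records become the thing an attacker would tamper with: a forged or poisoned answer steers traffic as effectively as a compromised proxy would. Suggest stating what the comparison is against (an in-path global load balancer that terminates connections) and adding a sentence on how the integrity of the published records is protected, for example whether DNSSEC on the zone or authenticated updates to the DNS provider are expected in a supported deployment.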
Reduces the risk versus what? Versus a design without going global load balancing?
| ### Development pipeline | ||
| In order to secure the SDLC from development to deployment, the following measures are in place. Please consult the roadmap for information about how this list is growing. |
Consider adding a SLSA / Baseline discussion.
Updates the k8gb security self-assessment document based on feedback from cncf/tag-security#1446.

Changes:
- Define acronyms on first use throughout document
- Update references to "CNCF TAG Security and Compliance"
- Enhance overview section with clearer context and explanations
- Replace placeholder "Future state" section with actual compliance content
- Clarify risk reduction comparisons with specific context
- Correctly reflect SLSA Level 3 compliance with signed provenance
- Distinguish between functional and security-focused pipeline components

These improvements make the self-assessment more accessible to readers unfamiliar with k8gb while accurately representing the project's security practices and compliance achievements.

Signed-off-by: Yury Tsarev <[email protected]>
Hi @JustinCappos - thank you for the guidance 🙇 We have attempted to address everything in k8gb-io/k8gb#2034.
Address CNCF TAG Security and Compliance feedback on self-assessment Signed-off-by: Bradley Andersen <[email protected]>
Co-authored-by: Justin Cappos <[email protected]> Signed-off-by: Bradley Andersen <[email protected]>
Would you be able to open this against the TOC repo instead? it can go in the k8sgb project directory.
No description provided.