- add token securing description

- fix broken link

Signed-off-by: arpechenin <[email protected]>

Author: arpechenin

proposals/separate-standalone-driver/README.md

@@ -151,7 +151,7 @@ Below is a scheme where, instead of creating a pod for the driver's task, we reu
 
 
 To move from the container template to the Executor Plugin template:
-- patch the [Argo compiler](https://github.com/kubeflow/pipelines/tree/a870b1a325dae0c82c8b6f57941468ee1aea960b/backend/src/v2/compiler/argocompiler) to generate a plugin template instead of a container template. Sample: hello-world [adapted](kfp-plugin-flow.png) (see name: system-container-driver)
+- patch the [Argo compiler](https://github.com/kubeflow/pipelines/tree/a870b1a325dae0c82c8b6f57941468ee1aea960b/backend/src/v2/compiler/argocompiler) to generate a plugin template instead of a container template. Sample: hello-world [adapted](hello_world_plugin.yaml) (see name: system-container-driver)
 - Namely, replace the templates used in the [container-driver](https://github.com/kubeflow/pipelines/blob/a870b1a325dae0c82c8b6f57941468ee1aea960b/backend/src/v2/compiler/argocompiler/container.go#L148) and [dag-driver](https://github.com/kubeflow/pipelines/blob/a870b1a325dae0c82c8b6f57941468ee1aea960b/backend/src/v2/compiler/argocompiler/dag.go#L156) section of the compiler
 - Extract the [driver](https://github.com/kubeflow/pipelines/tree/a870b1a325dae0c82c8b6f57941468ee1aea960b/backend/src/v2/driver) component into a standalone server.
 - Implement the [plugin](plugin.md)

proposals/separate-standalone-driver/executor-plugin-flow.png

@@ -33,4 +33,15 @@ However, by default, the Argo Workflow Controller does not mount the service acc
 As a result, to enable access to the Kubernetes API:
 1. Create ServiceAccount in each profile namespace with the name `driver-plugin-executor-plugin`. Argo WF [expects](https://github.com/argoproj/argo-workflows/blob/main/workflow/controller/agent.go#L285) the format <plugin-name>-executor-plugin
 2. Add a Role with appropriate Kubernetes API access and bind it to the service account.
-3. Configure `sidecar.automountServiceAccountToken` see [example](plugin.yaml)
+3. Configure `sidecar.automountServiceAccountToken` see [example](plugin.yaml)
+
+### Securing the driver sidecar container
+The driver's sidecar [exposes](https://argo-workflows.readthedocs.io/en/latest/executor_plugins/#example-a-simple-python-plugin) the HTTP `/api/v1/template.execute` API externally. So hypothetically not only Argo WF Controller able to call it.
+To prevent unauthorized access
+by default (without extra customization):
+- The Argo Workflow Controller mounts the `/var/run/argo` volume into the executor agent pod (which hosts the plugin sidecar). This volume contains a token.
+- The Argo Workflow Controller includes the same token in the authorization Bearer header of each execution request.
+additionally:
+The central driver needs to read the token from `/var/run/argo/token` and compare it with the token from the request header.
+More details are available [here](https://argo-workflows.readthedocs.io/en/latest/executor_plugins/#example-a-simple-python-plugin) 
+

proposals/separate-standalone-driver/plugin.md

@@ -12,3 +12,12 @@ data:
     name: driver-plugin
     resources:
       ...
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 1000 # Must run as a non-nobody user to access the token inside the /var/run/argo volume from the sidecar
+