Skip to content

Security Self-Assessment: [STRIDE-MULTIPLE] End-User Cluster API Security Guidance #6152

New issue
New issue
Open
#12814
Open
Security Self-Assessment: [STRIDE-MULTIPLE] End-User Cluster API Security Guidance#6152
#12814
Labels
area/securityIssues or PRs related to securitygood first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/documentationCategorizes issue or PR as related to documentation.priority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.sig/securityCategorizes an issue or PR as relevant to SIG Security.triage/acceptedIndicates an issue or PR is ready to be actively worked on.
@randomvariable

Description

@randomvariable
randomvariable
opened on Feb 16, 2022

User Story

As a cluster operator, I want to know how to use Cluster API securely.

Detailed Description

Follow up to #4139, security guidance should be given for end users

Covers the following in the security self-assessment:

  • Second pair of eyes are applied when executing privileged actions such as creating/deleting/updating a cluster (possibly using gitops)
  • Enabling auditing on the management cluster (STRIDE-SPOOF-1)
  • Using least permissions for infrastructure providers. (STRIDE-SPOOF-1)
  • Files system monitoring (STRIDE-TAMPER-2)
  • During runtime: Alert on modification or restarts of cluster API components to detect for potential tampering (STRIDE-TAMPER-1)

Anything else you would like to add:

[Miscellaneous information that will assist in solving the issue.]

/kind feature
/area security

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/securityIssues or PRs related to securitygood first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/documentationCategorizes issue or PR as related to documentation.priority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.sig/securityCategorizes an issue or PR as relevant to SIG Security.triage/acceptedIndicates an issue or PR is ready to be actively worked on.

    Type

    No type

    Projects

    [Cluster API] SIG Security Self-Assessment

    Status

    Planned

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions