Add risk and mitigations

Cheng Pan 2018-11-29 00:58:05 +00:00
parent 7bff318811
commit f2f5131c1e
1 changed files with 8 additions and 2 deletions

@ -27,7 +27,9 @@ status: provisional
* [Non-Goals](#non-goals)
* [Proposal](#proposal)
* [User Stories](#user-stories)
* [Static Provisioning](#static-provisioning)
* [Volume Schduling](#volume-scheduling)
* [Risks and Mitigations](#risks-and-mitigations)
* [Graduation Criteria](#graduation-criteria)
* [Implementation History](#implementation-history)
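Review bot: the TOC entry `[Volume Schduling](#volume-scheduling)` misspells its label. The anchor is spelled correctly, so the link resolves to the `#### Volume Scheduling` heading, but the visible text should read "Volume Scheduling" to match it.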
@ -55,9 +57,13 @@ List of driver features include volume creation/deletion, volume attach/detach,
#### Static Provisioning
Operator creates a pre-created EBS volume on AWS and a PV that refer the EBS volume on cluster. Developer creates PVC and a Pod that uses the PVC. Then developer deploys the Pod during which time the PV will be attached to container inside Pod after PVC bonds to PV successfully.
#### Dyanmic Provisiong with Volume Scheduling
#### Volume Scheduling
Operation creates StorageClass with volumeBindingMode = WaitForFirstConsumer. When developer deploys a Pod that has PVC that is trying to claim for a PV, a new PV will be created, attached, formatted and mounted inside Pod's container by the EBS CSI driver. Topology information provided by EBS CSI driver will be used during Pod scheduling to guarantee that both Pod and volume are collocated in the same availability zone.
### Risks and Mitigations
* *Information disclosure* - AWS EBS CSI driver requires permission to perform AWS operation on users' behave. EBS CSI driver will make sure non of credentials are logged. And we will instruct user to grant only required permission to driver as best securtiy practise.
* *Escalation of Privileges* - Since EBS CSI driver is formatting and mounting volumes, it requires root privilege to permform the operations. So that driver will have higher privilege than other containers in the cluster. The driver will not execute random command provided by untrusted user. All of its interfaces are only provided for kuberenetes system components to interact with. The driver will also validate requests to make sure it aligns with its assumption.
## Graduation Criteria
AWS EBS CSI driver provides the same features as in-tree plugin.
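Review bot: in the *Information disclosure* bullet, "grant only required permission" is not actionable because the section never says which AWS permissions the driver requires; list the operations it needs, or point to a minimal policy, so an operator can check a grant against it. In the *Escalation of Privileges* bullet, "validate requests to make sure it aligns with its assumption" should name what is validated and what the assumptions are, and the claim that the interfaces are only for Kubernetes system components should state how that restriction is enforced, since the driver runs as root. Spelling to fix in the same pass: "behave" (behalf), "non of" (none of), "securtiy practise", "permform", "kuberenetes", and "Operation creates StorageClass", which presumably means "Operator".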