From f2f5131c1e0b5a09709a0de4b0b91f4d91a18ed7 Mon Sep 17 00:00:00 2001 From: Cheng Pan Date: Thu, 29 Nov 2018 00:58:05 +0000 Subject: [PATCH] Add risk and mitigations --- keps/sig-aws/0035-20181127-aws-ebs-csi-driver.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/keps/sig-aws/0035-20181127-aws-ebs-csi-driver.md b/keps/sig-aws/0035-20181127-aws-ebs-csi-driver.md index 2c0e6ad3f..b4b0c7fe3 100644 --- a/keps/sig-aws/0035-20181127-aws-ebs-csi-driver.md +++ b/keps/sig-aws/0035-20181127-aws-ebs-csi-driver.md @@ -27,7 +27,9 @@ status: provisional * [Non-Goals](#non-goals) * [Proposal](#proposal) * [User Stories](#user-stories) - + * [Static Provisioning](#static-provisioning) + * [Volume Schduling](#volume-scheduling) + * [Risks and Mitigations](#risks-and-mitigations) * [Graduation Criteria](#graduation-criteria) * [Implementation History](#implementation-history) 
@@ -55,9 +57,13 @@ List of driver features include volume creation/deletion, volume attach/detach, #### Static Provisioning Operator creates a pre-created EBS volume on AWS and a PV that refer the EBS volume on cluster. Developer creates PVC and a Pod that uses the PVC. Then developer deploys the Pod during which time the PV will be attached to container inside Pod after PVC bonds to PV successfully. -#### Dyanmic Provisiong with Volume Scheduling +#### Volume Scheduling Operation creates StorageClass with volumeBindingMode = WaitForFirstConsumer. When developer deploys a Pod that has PVC that is trying to claim for a PV, a new PV will be created, attached, formatted and mounted inside Pod's container by the EBS CSI driver. Topology information provided by EBS CSI driver will be used during Pod scheduling to guarantee that both Pod and volume are collocated in the same availability zone. +### Risks and Mitigations +* *Information disclosure* - AWS EBS CSI driver requires permission to perform AWS operation on users' behave. EBS CSI driver will make sure non of credentials are logged. And we will instruct user to grant only required permission to driver as best securtiy practise. +* *Escalation of Privileges* - Since EBS CSI driver is formatting and mounting volumes, it requires root privilege to permform the operations. So that driver will have higher privilege than other containers in the cluster. The driver will not execute random command provided by untrusted user. All of its interfaces are only provided for kuberenetes system components to interact with. The driver will also validate requests to make sure it aligns with its assumption. + ## Graduation Criteria AWS EBS CSI driver provides the same features as in-tree plugin.
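Review bot: In the first hunk (the table-of-contents block under `* [User Stories](#user-stories)`) the new entry `* [Volume Schduling](#volume-scheduling)` has a typo in its link text; the anchor `#volume-scheduling` is correct, so only the visible text needs to read "Volume Scheduling". Also check the indentation of `* [Risks and Mitigations](#risks-and-mitigations)`: the target heading added in the second hunk is a `###` heading, a sibling of `### User Stories`, so it should sit at the same nesting level as User Stories rather than alongside the `####` sub-stories if that is how it currently lands.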
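Review bot: The second hunk states both mitigations as intentions without saying how they are enforced, which is what a reader of a Risks and Mitigations section needs. For "instruct user to grant only required permission to driver", the KEP should list (or link to) the minimal set of AWS actions the driver needs, so "required" is concrete and reviewable. For "it requires root privilege to permform the operations", say which component needs it: the node plugin that formats and mounts volumes, not the controller that only calls the AWS API, so privilege is confined to one container. For "The driver will also validate requests to make sure it aligns with its assumption", name what is validated (for example, volume IDs and mount options) and note that the CSI endpoint is reachable only by kubelet and the sidecars, which is what backs the claim that interfaces are "only provided for kuberenetes system components". Several spelling fixes are also needed in this hunk: "behave" should be "behalf", "non of credentials" should be "none of the credentials", "securtiy practise" should be "security practice", "permform" should be "perform", "kuberenetes" should be "kubernetes", and "Operation creates StorageClass" should read "Operator creates StorageClass" to match the preceding paragraph.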