mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-20 22:18:49 +00:00
Add warnings about self signed certs and MitM attacks.
Also put in pointers for IRC and mailing lists.
@@ -106,6 +106,8 @@ The bootstrapping works like this:
|
||||
|
||||
### Cluster Security
|
||||
|
||||
As there is no security currently built into the `apiserver`, the salt configuration will install `nginx`. `nginx` is configured to serve HTTPS with a self signed certificate. HTTP basic auth is used from the client to `nginx`. `nginx` then forwards the request on to the `apiserver` over plain old HTTP.
|
||||
As there is no security currently built into the `apiserver`, the salt configuration will install `nginx`. `nginx` is configured to serve HTTPS with a self signed certificate. HTTP basic auth is used from the client to `nginx`. `nginx` then forwards the request on to the `apiserver` over plain old HTTP. Because a self signed certificate is used access to server should be safe from eavesdropping but is subject to "man in the middle" attacks. Access via the browser will result in warnings and tools like curl will require an "--insecure" flag.
|
||||
|
||||
All communication within the cluster (worker nodes to the master, for instance) occurs on the internal virtual network and should be safe from eavesdropping.
|
||||
|
||||
The password is generated randomly as part of the `kube-up.sh` script and stored in `~/.kubernetes_auth`.
|
||||
|
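Review bot: The added sentence in the Cluster Security paragraph says access "should be safe from eavesdropping but is subject to "man in the middle" attacks", which understates the exposure. Because the client cannot verify a self signed certificate, an active man in the middle can terminate the TLS session and read everything in it, including the HTTP basic auth credentials described in the same paragraph. Suggest stating that the certificate protects only against passive eavesdropping. Rather than leaving curl's "--insecure" flag as the only option mentioned, also note that a client can trust the generated certificate explicitly (for example with curl's "--cacert" option) once the certificate has been obtained over a trusted channel. Minor wording: "self signed" should be "self-signed", a comma is needed after "is used", and "access to server" should read "access to the server".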