Assets for compute nodes #2832

gambol99 · 2017-06-29T12:48:02Z

It not really necessary (or prudent) for the compute nodes to pull down all of the following assets.

core@ip-10-200-101-253 /srv/kubernetes $ ls -l
total 40
-rw-------. 1 root root   59 Jun 29 10:56 basic_auth.csv
-rw-r--r--. 1 root root 1046 Jun 29 10:56 ca.crt
-rw-------. 1 root root  530 Jun 29 10:56 known_tokens.csv
-rw-r--r--. 1 root root 1407 Jun 29 10:56 server.cert
-rw-r--r--. 1 root root 1679 Jun 29 10:56 server.key

Realistically the only file that's required here is the CA .. The rest should be protected by iam policy in the bucket and limited to the master nodes only.

Automatic merge from submit-queue Node Secrets As present a number of secrets are downloaded to the /src/kubernetes directory regardless of role (master, node). This limits the the node role to only donwload the ca.crt. The rest are for master nodes only - removes basic_auth.csv, ca.key, known_tokens.csv, server.cert and server.key leaving only the ca.crt ```shell core@ip-10-250-33-77 /srv/kubernetes $ ls basic_auth.csv ca.crt ca.key known_tokens.csv server.cert server.key ``` relates to #2832

chrislovecnm added the area/security label Jun 29, 2017

gambol99 mentioned this issue Jul 26, 2017

Node Secrets #3058

Merged

gambol99 closed this as completed Jul 31, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assets for compute nodes #2832

Assets for compute nodes #2832

gambol99 commented Jun 29, 2017

Assets for compute nodes #2832

Assets for compute nodes #2832

Comments

gambol99 commented Jun 29, 2017