FIPS mode (issue in bonny, CLOSED)

spunkedy avatar spunkedy commented on August 16, 2024
FIPS mode

from bonny.

Comments (22)

spunkedy avatar spunkedy commented on August 16, 2024 2

👍 will get a PR ready later for this

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024 1

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024 1

🤦 :sha does :sha1 doesn't .... trying to get an integration test going with the :sha

from bonny.

sleipnir avatar sleipnir commented on August 16, 2024 1

@mruoss I know what we are discussing is more related to the https://kubernetes.io/docs/concepts/architecture/leases/#custom-workload section that doesn't ask for sha256. But I think if it's possible to use sha256 it would be better. Otherwise I'm not really opposed to any other algorithm, I just gave my 2 cents in the discussion :D

from bonny.

mruoss avatar mruoss commented on August 16, 2024

well... it is not supposed to be secure... it is just used to create a safe name for a lease.
Potentially we could use a different hash algorithm. But we need to make sure the lease name is the same on all replicas (i.e. don't use salt or similar).

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

from bonny.

mruoss avatar mruoss commented on August 16, 2024

That would be great. No, just use a new algorithm.

from bonny.

mruoss avatar mruoss commented on August 16, 2024

Sha-1 should do the trick, right?

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

from bonny.

mruoss avatar mruoss commented on August 16, 2024

I am worried about the length...

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

Maybe just grab the first 16 to keep the same length since this is only for leader election?

# Keep the first 16 bytes of the digest; binary_part/3 counts bytes, String.slice/2 counts graphemes
:crypto.hash(:sha256, "asdf") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> IO.inspect()
:crypto.hash(:sha256, "qwer") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> IO.inspect()

:crypto.hash(:sha256, "asdf") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> String.length()

from bonny.

mruoss avatar mruoss commented on August 16, 2024

:sha doesn't work?

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

debugging the integration test now:

15:40:05.174 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
Erlang/OTP 26 [erts-14.2.2] [source] [64-bit] [smp:16:2] [ds:16:2:10] [async-threads:1] [jit:ns]

Interactive Elixir (1.16.1) - press Ctrl+C to exit (type h() ENTER for help)
15:40:05.189 [debug] K8s.Client.Mint.ConnectionRegistry other message received: {:ssl, {:sslsocket, {:gen_tcp, #Port<0.8>, :tls_connection, :undefined}, [#PID<0.2094.0>, #PID<0.2093.0>]}, <<0, 0, 30, 4, 0, 0, 0, 0, 0, 0, 5, 0, 4, 0, 0, 0, 3, 0, 0, 0, 100, 0, 6, 0, 16, 1, 64, 0, 1, 0, 0, 16, 0, 0, 4, 0, 4, 0, 0>>}
15:40:05.239 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.288 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.288 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.334 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.423 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.475 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.475 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.518 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.611 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.666 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.666 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.710 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.800 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.852 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.852 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.899 [notice] Application REDACTED exited: shutdown
15:40:05.905 [debug] K8s.Client.Mint.ConnectionRegistry DOWN of process #PID<0.2095.0> received.
iex(REDACTED@REDACTED-56d96b7c59-z7xr4)1> Kernel pid terminated (application_controller) ("{application_terminated,REDACTED,shutdown}")

Crash dump is being written to: erl_crash.dump...done

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

kubectl get lease -A | grep -i bon
default              default-bonny-7c0953f1db9bc080301cdace36d39749                                   bonny                                                                                       339d
default              default-bonny-816c1063dfe66e38f5dd7915d09df8ee30315d3ef91fc69320f2feac733a4267   bonny                                                                                       38m

I deleted the leases by hand just in case, but I changed it to limit to the first 16

from bonny.

irvinbonilla avatar irvinbonilla commented on August 16, 2024

Hi everybone and @spunkedy, is it possible to use sha256 to be more standard?

Take note that k8s officially uses this algorithm, according to the docs:

https://kubernetes.io/docs/concepts/architecture/leases/

from bonny.

sleipnir avatar sleipnir commented on August 16, 2024

> Hi everybone and @spunkedy, is it possible to use sha256 to be more standard?
>
> Take note that k8s officially uses this algorithm, according to the docs:
>
> https://kubernetes.io/docs/concepts/architecture/leases/

I agree that using sha256 would be desirable

from bonny.

mruoss avatar mruoss commented on August 16, 2024

Guys, can you elaborate a bit more on your suggestions? What makes sha256 more desirable? Remember: this is not a hash used for security...

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

> Guys, can you elaborate a bit more on your suggestions? What makes sha256 more desirable? Remember: this is not a hash used for security...

This is just to make a unique lease, I have 0 preference which algorithm we do since it doesn't have to do with security at all.

from bonny.

sleipnir avatar sleipnir commented on August 16, 2024

https://kubernetes.io/docs/concepts/architecture/leases/

"The SHA256 hash used in the lease name is based on the OS hostname as seen by that API server. Each kube-apiserver should be configured to use a hostname that is unique within the cluster. New instances of kube-apiserver that use the same hostname will take over existing Leases using a new holder identity, as opposed to instantiating new Lease objects. You can check the hostname used by kube-apisever by checking the value of the kubernetes.io/hostname label:"

Although it does not explain why the documentation indicates the use of sha256 under some rules. I think it would be desirable to follow the example of the official documentation if possible, even if no other reason or impediment acts. Just for consistency with the documentation.

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

I don't mind refactoring this to work off of the hostname for the lease. I don't see it being a problem for statefulsets vs deployments.

Would we prefer that?

from bonny.

mruoss avatar mruoss commented on August 16, 2024

Using the hostname for our lease would defeat the purpose. While in the linked example the lease is used to communicate the API Server's identity, we use the lease for leader election. We explicitly want one single leader over all hosts :)

from bonny.

spunkedy avatar spunkedy commented on August 16, 2024

> Using the hostname for our lease would defeat the purpose. While in the linked example the lease is used to communicate the API Server's identity, we use the lease for leader election. We explicitly want one single leader over all hosts :)

Agreed.

I think we might be overcomplicating this all. Just updated #276

from bonny.
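The approach the thread converges on (a deterministic, unsalted SHA-256 digest cut to 16 bytes so the lease name keeps its earlier length), written out as an added example that is not bonny's code or the contents of #276. The module name `LeaseNameExample`, its arguments and the choice of hashing the operator name are assumptions; the `<namespace>-bonny-<hex>` shape follows the `kubectl get lease` output above.

```elixir
# Added example, not bonny's implementation. LeaseNameExample and its
# arguments are hypothetical; "MyApp.Operator" is a constructed sample value.
defmodule LeaseNameExample do
  @digest :sha256
  # 16 bytes of digest become 32 hex characters in the name
  @digest_bytes 16
  # Lease names are DNS subdomain names, limited to 253 characters
  @max_name_length 253

  @doc "Derives the lease name. No salt or randomness, so every replica gets the same name."
  def lease_name(namespace, operator) when is_binary(namespace) and is_binary(operator) do
    ensure_digest_available!()

    suffix =
      @digest
      |> :crypto.hash(operator)
      # binary_part/3 counts bytes. String.slice/2 counts graphemes and can
      # return more than 16 bytes when digest bytes happen to form valid UTF-8.
      |> binary_part(0, @digest_bytes)
      |> Base.encode16(case: :lower)

    name = "#{namespace}-bonny-#{suffix}"

    if String.length(name) > @max_name_length do
      raise ArgumentError,
            "lease name is #{String.length(name)} characters, limit is #{@max_name_length}"
    end

    name
  end

  # :crypto.supports(:hashs) reports the digests the running crypto library
  # offers, so an unavailable one fails here with a readable message.
  defp ensure_digest_available! do
    unless @digest in :crypto.supports(:hashs) do
      raise "digest #{inspect(@digest)} is not available (FIPS: #{:crypto.info_fips()})"
    end
  end
end

a = LeaseNameExample.lease_name("default", "MyApp.Operator")
b = LeaseNameExample.lease_name("default", "MyApp.Operator")
IO.inspect(a == b, label: "same name on every call")
IO.inspect(String.length(a) - String.length("default-bonny-"), label: "hex characters in suffix")
```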
