Comments (5)
I assume you already had a look at the security guide? If not, please take a look. The current state is not ideal, as it requires a lot of manual work. We are thinking about adding support for some of the many automatic certificate management tools in Kubernetes, like cert-manager, in the future. This should make the whole process a lot easier.
There is a risk of someone targeting your machines and trying to extract the content of your volumes. If someone can spoof one of your servers, they can effectively intercept all control and sync traffic between your servers.
If you are running Kubernetes on servers in a public network, I would recommend enabling encryption of your pod network. I think most of the network providers support some kind of encryption for the pod network. This would then also include the control-plane traffic of Piraeus.
from piraeus-operator.
So if I use Weave CNI with encryption enabled, is my setup secure? Thanks!
from piraeus-operator.
That would encrypt all communication between your pods. That still leaves the possibility to read the traffic of DRBD. If possible, I would create a WireGuard tunnel between your virtual servers. That way you can ensure that all traffic, not just that between Pods, is secure.
from piraeus-operator.
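The reply above notes that pod-network encryption does not cover DRBD traffic and suggests a WireGuard tunnel between the servers. The following check is an added example, not code from the thread or from the piraeus-operator project: it reads `ss -Htn state established` output from a node and reports DRBD connections that do not run between tunnel addresses. The tunnel subnet `10.99.0.0/24` and the sample lines are constructed, and the port range 7000-7999 is assumed to be the range LINSTOR assigns to DRBD resources; adjust both to your cluster.

```python
import ipaddress

# Assumption: TCP port range LINSTOR assigns to DRBD resources by default.
DRBD_PORTS = range(7000, 8000)
# Assumption: constructed address range used inside the WireGuard tunnel.
TUNNEL_NET = ipaddress.ip_network("10.99.0.0/24")

# Constructed sample of `ss -Htn state established` output from one node
# (columns: Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS = """\
0 0 10.99.0.1:7000 10.99.0.2:41822
0 0 203.0.113.10:7001 203.0.113.11:52110
0 0 203.0.113.10:22 198.51.100.7:50514
0 0 10.99.0.1:38412 10.99.0.3:7002
0 0 [2001:db8::10]:7003 [2001:db8::11]:40000
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)


def unprotected_drbd_flows(ss_output, tunnel_net=TUNNEL_NET, ports=DRBD_PORTS):
    """Return DRBD connections where either end is outside the tunnel network."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            (laddr, lport), (raddr, rport) = map(split_endpoint, fields[-2:])
        except ValueError:
            continue  # not an address:port pair, skip the line
        if lport not in ports and rport not in ports:
            continue  # not DRBD replication traffic
        if laddr not in tunnel_net or raddr not in tunnel_net:
            findings.append((str(laddr), lport, str(raddr), rport))
    return findings


if __name__ == "__main__":
    for flow in unprotected_drbd_flows(SAMPLE_SS):
        print("DRBD traffic outside tunnel: %s:%d -> %s:%d" % flow)
```

An empty result on every node means all established DRBD connections use tunnel addresses on both ends; any finding is a replication link still crossing the network in the clear.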
Gotcha, thanks!
from piraeus-operator.
Securing the control plane got a lot easier since merging #263.
from piraeus-operator.