📖 infrastructure provider security guidelines

kubernetes-sigs · Sep 3, 2024 · 376caae · 376caae
1 parent 7062ab0
commit 376caae
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 0 deletions.
diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md
@@ -46,6 +46,7 @@
     - [Diagnostics](./tasks/diagnostics.md)
 - [Security Guidelines](./security/index.md)
     - [Pod Security Standards](./security/pod-security-standards.md)
+    - [Infrastructure Provider Security Guidance](./security/infrastructure-provider-security-guidance.md)
 - [clusterctl CLI](./clusterctl/overview.md)
     - [clusterctl Commands](clusterctl/commands/commands.md)
         - [init](clusterctl/commands/init.md)

diff --git a/docs/book/src/developer/providers/cluster-infrastructure.md b/docs/book/src/developer/providers/cluster-infrastructure.md
@@ -187,3 +187,7 @@ Note, the write permissions allow the `Cluster` controller to set owner referenc
 "infrastructure cluster" resources; they are not used for general mutations of these resources.
 
 [aggregation label]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+
+## Security Guidelines
+
+Please refer to [Infrastructure Provider Security Guidance](../../security/infrastructure-provider-security-guidance.md).
diff --git a/docs/book/src/developer/providers/machine-infrastructure.md b/docs/book/src/developer/providers/machine-infrastructure.md
@@ -209,3 +209,7 @@ Note, the write permissions allow the `Machine` controller to set owner referenc
 "infrastructure machine" resources; they are not used for general mutations of these resources.
 
 [aggregation label]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+
+## Security Guidelines
+
+Please refer to [Infrastructure Provider Security Guidance](../../security/infrastructure-provider-security-guidance.md).
diff --git a/docs/book/src/security/infrastructure-provider-security-guidance.md b/docs/book/src/security/infrastructure-provider-security-guidance.md
@@ -0,0 +1,12 @@
+# Infrastructure Provider Security Guidance
+
+- Ensure credentials used by Cluster API are least privileged and setting access control
+on Cluster API controller namespaces to prevent unauthorized access by anyone other
+than cloud admin.
+- Implement 2FA for all maintainer accounts on Github. Apply the second pair of eyes
+principle when performing privileged actions such as image building or updates to the
+contents of the machine images.
+- Use short-lived credentials that are auto-renewed using node level attestation.
+- Implement rate limits for creation, deletion and update of cloud resources.
+- Any cloud resource not linked to a cluster after a fixed configurable period of time
+created by these cloud credentials, should be auto-deleted or marked for garbage collection.