kubernetes-sigs · k8s-ci-robot · Sep 19, 2024 · Sep 3, 2024
diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md
@@ -46,6 +46,7 @@
     - [Diagnostics](./tasks/diagnostics.md)
 - [Security Guidelines](./security/index.md)
     - [Pod Security Standards](./security/pod-security-standards.md)
+    - [Infrastructure Provider Security Guidance](./security/infrastructure-provider-security-guidance.md)
 - [clusterctl CLI](./clusterctl/overview.md)
     - [clusterctl Commands](clusterctl/commands/commands.md)
         - [init](clusterctl/commands/init.md)

diff --git a/docs/book/src/developer/providers/cluster-infrastructure.md b/docs/book/src/developer/providers/cluster-infrastructure.md
@@ -187,3 +187,7 @@ Note, the write permissions allow the `Cluster` controller to set owner referenc
 "infrastructure cluster" resources; they are not used for general mutations of these resources.
 
 [aggregation label]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+
+## Security Guidelines
+
+Please refer to [Infrastructure Provider Security Guidance](../../security/infrastructure-provider-security-guidance.md).
diff --git a/docs/book/src/developer/providers/machine-infrastructure.md b/docs/book/src/developer/providers/machine-infrastructure.md
@@ -209,3 +209,7 @@ Note, the write permissions allow the `Machine` controller to set owner referenc
 "infrastructure machine" resources; they are not used for general mutations of these resources.
 
 [aggregation label]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+
+## Security Guidelines
+
+Please refer to [Infrastructure Provider Security Guidance](../../security/infrastructure-provider-security-guidance.md).
diff --git a/docs/book/src/security/infrastructure-provider-security-guidance.md b/docs/book/src/security/infrastructure-provider-security-guidance.md
@@ -0,0 +1,25 @@
+# Infrastructure Provider Security Guidance
+
+There are several critical areas that any infrastructure provider implementer must address to ensure secure operations. These include:
+
+- **Management of cloud credentials** assigned to the infrastructure provider, including setting quotas and rate limiting.
+- **Ensuring secure access to VMs** for troubleshooting, with proper authentication methods.
+- **Controlling manual operations** performed on cloud infrastructure targeted by the provider.
+- **Housekeeping** of the cloud infrastructure, ensuring timely cleanup and garbage collection of unused resources.
+
+The following list outlines high-level security recommendations. It is a community-maintained resource, and everyone’s contributions are essential to continuously improve and adapt these best practices. Each provider implementer is responsible for translating these recommendations to fit the context of their specific cloud provider:
+
+1. **Credentials Management**:
+   Ensure credentials used by Cluster API are least privileged. Apply access control to Cluster API controller namespaces, restricting unauthorized access to cloud administrators only.
+
+2. **Two-Factor Authentication (2FA)**:
+   Implement 2FA for all maintainer accounts on GitHub. For any privileged actions (e.g., image building or updates to machine images), follow the "second pair of eyes" principle to ensure review and oversight.
+
+3. **Short-lived Credentials**:
+   Use short-lived credentials that are automatically renewed via node-level attestation mechanisms, minimizing the risk of credential misuse.
+
+4. **Rate Limiting for Cloud Resources**:
+   Implement rate limits for the creation, deletion, and updating of cloud resources, protecting against potential abuse or accidental overload.
+
+5. **Resource Housekeeping**:
+   Any cloud resource not linked to a cluster after a fixed configurable period, created by cloud credentials, should be automatically deleted or marked for garbage collection to avoid resource sprawl.