author: Rey Lejano <rlejano@gmail.com> 2021-06-09 12:35:27 -0700
committer: Rey Lejano <rlejano@gmail.com> 2021-06-09 12:47:49 -0700
commit: 888e47dd2ca2063d59d7f4ec7fd8ce8883217d99 (patch)
tree: dc0a4d2ec6755ec341d9c89209121885184ab25b
parent: eda4809bc93970f864de31e6e5d2235f013ce65e (diff)
add draft external audit roadmap
-rw-r--r-- sig-security/sig-security-external-audit/external-audit-roadmap.md | 36 +
1 file changed, 36 insertions(+), 0 deletions(-)
diff --git a/sig-security/sig-security-external-audit/external-audit-roadmap.md b/sig-security/sig-security-external-audit/external-audit-roadmap.md
new file mode 100644
index 00000000..5b7e2877
--- /dev/null
+++ b/sig-security/sig-security-external-audit/external-audit-roadmap.md
@@ -0,0 +1,36 @@
+Past external security audits have not been comprehensive of the entire Kubernetes project.
+This roadmap lists previously audited focus areas and focus areas requested to be included in future audits.
+The Kubernetes community is invited to create issues and PRs to request additional components to be audited.
+
+
+| **Kubernetes Focus Area** | **Audit Year**| **Links** |
+|---------------------------|---------------|-----------|
+| Networking | 2019 | |
+| Cryptography | 2019 | |
+| Authentication & Authorization (including Role Based Access Controls) | 2019 | |
+| Secrets Management | 2019 | |
+| Multi-tenancy isolation: Specifically soft (non-hostile co-tenants) | 2019 | |
+| kube-apiserver | 2021 | |
+| kube-scheduler | 2021 | |
+| etcd (in the context of Kubernetes use of etcd) | 2021 | |
+| kube-controller-manager | 2021 | |
+| cloud-controller-manager | 2021 | |
+| kubelet | 2021 | https://github.com/kubernetes/kubelet https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/kubelet |
+| kube-proxy | 2021 | https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/kube-proxy https://github.com/kubernetes/kube-proxy |
+| secrets-store-csi-driver | 2021 | https://github.com/kubernetes-sigs/secrets-store-csi-driver |
+| cluster API | TBD | https://github.com/kubernetes-sigs/cluster-api |
+| kubectl | TBD | https://github.com/kubernetes/kubectl |
+| kubeadm | TBD | https://github.com/kubernetes/kubeadm |
+| metrics server | TBD | https://github.com/kubernetes-sigs/metrics-server
+| nginx-ingress (in the context of a Kubernetes ingress controller) | TBD | https://github.com/kubernetes/ingress-nginx
+| kube-state-metrics | TBD | https://github.com/kubernetes/kube-state-metrics
+| node feature discovery | TBD | https://github.com/kubernetes-sigs/node-feature-discovery
+| hierarchial namespace | TBD | https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/hnc
+| pod security policy replacement | TBD | https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement
+| CoreDNS (in the context of Kubernetes use of CoreDNS) | TBD | Concept: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ Reference: https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ |
+| cluster autoscaler | TBD | https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler |
+| kube rbac proxy | TBD | https://github.com/brancz/kube-rbac-proxy |
+| kms plugins | TBD | https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/#implementing-a-kms-plugin |
+| cni plugins | TBD | https://github.com/containernetworking/cni |
+| csi plugins | TBD | https://github.com/kubernetes-csi |
+| aggregator layer | TBD | https://github.com/kubernetes/kube-aggregator | \ No newline at end of file
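Review bot: The table rows from "metrics server" through "pod security policy replacement" are missing the trailing `|` that every other row has, so the Links column will not render consistently in GitHub-flavoured Markdown; add the closing pipe to each of those six rows, and since the file ends without a newline (the "\ No newline at end of file" marker), add one after the "aggregator layer" row as well. Two smaller points in the same hunk: "hierarchial namespace" should read "hierarchical namespace", and the five 2019 rows leave the Links cell empty even though the roadmap says it "lists previously audited focus areas"; linking those rows to the published 2019 audit report would let readers verify what was actually covered, and the kubelet and kube-proxy cells each pack two URLs into one cell with no separator, which could be split with a space-separated "Repo:"/"Staging:" label (or a `<br>`) for the same reason. Finally, the commit message calls this a draft roadmap, but the file carries no heading or status line saying so; a one-line "Status: draft" at the top of the file would keep the document self-describing once it lands on the main branch.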