| author | Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> | 2021-09-02 10:22:57 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-02 10:22:57 -0700 |
| commit | ce2fce925033718dcd93d64945537f928985a9ac (patch) | |
| tree | 88958dea92d87ffacf834c0df4decd3eb5515ca3 /sig-security | |
| parent | 98b3d97d2e7f91bb62b8e88710c29c1675efb689 (diff) | |
| parent | 888e47dd2ca2063d59d7f4ec7fd8ce8883217d99 (diff) | |
Merge pull request #5824 from reylejano/audit-roadmap
Initial External Security Audit Roadmap
Diffstat (limited to 'sig-security')
| -rw-r--r-- | sig-security/sig-security-external-audit/external-audit-roadmap.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/sig-security/sig-security-external-audit/external-audit-roadmap.md b/sig-security/sig-security-external-audit/external-audit-roadmap.md new file mode 100644 index 00000000..5b7e2877 --- /dev/null +++ b/sig-security/sig-security-external-audit/external-audit-roadmap.md 
@@ -0,0 +1,36 @@ +Past external security audits have not been comprehensive of the entire Kubernetes project. +This roadmap lists previously audited focus areas and focus areas requested to be included in future audits. +The Kubernetes community is invited to create issues and PRs to request additional components to be audited. + + +| **Kubernetes Focus Area** | **Audit Year**| **Links** | +|---------------------------|---------------|-----------| +| Networking | 2019 | | +| Cryptography | 2019 | | +| Authentication & Authorization (including Role Based Access Controls) | 2019 | | +| Secrets Management | 2019 | | +| Multi-tenancy isolation: Specifically soft (non-hostile co-tenants) | 2019 | | +| kube-apiserver | 2021 | | +| kube-scheduler | 2021 | | +| etcd (in the context of Kubernetes use of etcd) | 2021 | | +| kube-controller-manager | 2021 | | +| cloud-controller-manager | 2021 | | +| kubelet | 2021 | https://github.com/kubernetes/kubelet https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/kubelet | +| kube-proxy | 2021 | https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/kube-proxy https://github.com/kubernetes/kube-proxy | +| secrets-store-csi-driver | 2021 | https://github.com/kubernetes-sigs/secrets-store-csi-driver | +| cluster API | TBD | https://github.com/kubernetes-sigs/cluster-api | +| kubectl | TBD | https://github.com/kubernetes/kubectl | +| kubeadm | TBD | https://github.com/kubernetes/kubeadm | +| metrics server | TBD | https://github.com/kubernetes-sigs/metrics-server +| nginx-ingress (in the context of a Kubernetes ingress controller) | TBD | https://github.com/kubernetes/ingress-nginx +| kube-state-metrics | TBD | https://github.com/kubernetes/kube-state-metrics +| node feature discovery | TBD | https://github.com/kubernetes-sigs/node-feature-discovery +| hierarchial namespace | TBD | https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/hnc +| pod security policy replacement | TBD | 
https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement +| CoreDNS (in the context of Kubernetes use of CoreDNS) | TBD | Concept: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ Reference: https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ | +| cluster autoscaler | TBD | https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler | +| kube rbac proxy | TBD | https://github.com/brancz/kube-rbac-proxy | +| kms plugins | TBD | https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/#implementing-a-kms-plugin | +| cni plugins | TBD | https://github.com/containernetworking/cni | +| csi plugins | TBD | https://github.com/kubernetes-csi | +| aggregator layer | TBD | https://github.com/kubernetes/kube-aggregator |
\ No newline at end of file |
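Review bot: The five rows from `metrics server` through `hierarchial namespace` are missing the closing `|` that every other row in the table carries, so the table markup is inconsistent; add the trailing pipe to those rows, and correct `hierarchial` to `hierarchical` while there. The file also ends without a trailing newline (`\ No newline at end of file`). On content, the **Links** column is empty for all of the 2019 focus areas and for the 2021 rows from kube-apiserver through cloud-controller-manager, and where it is filled in it points at source repositories or documentation rather than audit output. For rows that already carry an audit year, a link to the published report or tracking issue would let a reader check what was covered. Alternatively, rename the column or split it so it is clear whether a link identifies the component or the audit.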
