From 196d0965ec5b280b031643934f0178af39ee56ab Mon Sep 17 00:00:00 2001 From: Joe Beda Date: Mon, 9 Jun 2014 16:46:16 -0700 Subject: [PATCH] Add warnings about self signed certs and MitM attacks. Also put in pointers for IRC and mailing lists. --- DESIGN.md | 4 +++- README.md | 11 ++++++++++- cluster/kube-up.sh | 2 ++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/DESIGN.md b/DESIGN.md index 94569bae08503..d25d022dab3cc 100644 --- a/DESIGN.md +++ b/DESIGN.md @@ -106,6 +106,8 @@ The bootstrapping works like this: ### Cluster Security -As there is no security currently built into the `apiserver`, the salt configuration will install `nginx`. `nginx` is configured to serve HTTPS with a self signed certificate. HTTP basic auth is used from the client to `nginx`. `nginx` then forwards the request on to the `apiserver` over plain old HTTP. +As there is no security currently built into the `apiserver`, the salt configuration will install `nginx`. `nginx` is configured to serve HTTPS with a self signed certificate. HTTP basic auth is used from the client to `nginx`. `nginx` then forwards the request on to the `apiserver` over plain old HTTP. Because a self signed certificate is used access to server should be safe from eavesdropping but is subject to "man in the middle" attacks. Access via the browser will result in warnings and tools like curl will require an "--insecure" flag. + +All communication within the cluster (worker nodes to the master, for instance) occurs on the internal virtual network and should be safe from eavesdropping. The password is generated randomly as part of the `kube-up.sh` script and stored in `~/.kubernetes_auth`. diff --git a/README.md b/README.md index 1c14cb4ded9d7..409c6eda27a16 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # Kubernetes -Kubernetes is an open source reference implementation of container cluster management. +Kubernetes is an open source implementation of container cluster management. [Kubernetes Design Document](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/DESIGN.md) @@ -89,6 +89,14 @@ cluster/kube-down.sh Or fork and start hacking! +## Community, discussion and support + +If you have questions or want to start contributing please reach out. We don't bite! + +The Kubernetes team is hanging out on IRC on the [#google-containers room on freenode.net](http://webchat.freenode.net/?channels=google-containers). We also have the [google-containers Google Groups mailing list](https://groups.google.com/forum/#!forum/google-containers). + +If you are a company and are looking for a more formal engagement with Google around Kubernetes and containers at Google as a whole, please fill out [this form](https://docs.google.com/a/google.com/forms/d/1_RfwC8LZU4CKe4vKq32x5xpEJI5QZ-j0ShGmZVv9cm4/viewform). and we'll be in touch. + ## Development ### Hooks @@ -148,3 +156,4 @@ Install [nodejs](http://nodejs.org/download/), [npm](https://www.npmjs.org/), an cd kubernetes/api raml2html kubernetes.raml > kubernetes.html ``` + diff --git a/cluster/kube-up.sh b/cluster/kube-up.sh index f6ef6c8a56978..70a4e9339cba7 100755 --- a/cluster/kube-up.sh +++ b/cluster/kube-up.sh @@ -150,5 +150,7 @@ echo "Kubernetes cluster is running. Access the master at:" echo echo " https://${user}:${passwd}@${KUBE_MASTER_IP}" echo +echo "Security note: The server above uses a self signed certificate. This is" +echo " subject to \"Man in the middle\" type attacks."
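Review bot: In the DESIGN.md hunk (Cluster Security), the added sentence says access "should be safe from eavesdropping but is subject to "man in the middle" attacks", and the two halves conflict. A man in the middle that the client cannot detect sees the decrypted traffic, including the HTTP basic auth credentials this paragraph describes. Suggest narrowing the claim to passive eavesdropping and stating that, because the client cannot verify the certificate, an active interceptor can read and alter requests. The new paragraph on intra-cluster traffic names no protection other than the network it runs on, so say explicitly that its safety depends on the isolation of the internal virtual network. Mentioning only "--insecure" teaches users to turn verification off; if the generated certificate can be made available to the client, curl's --cacert would let it be verified instead. Minor: "is used access to server" needs a comma and an article ("is used, access to the server").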
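Review bot: In the README.md hunk that adds "Community, discussion and support", the last added line has a stray period after the form link: "viewform). and we'll be in touch." Drop the period so the sentence reads through. The form URL also contains "/a/google.com/", which looks like a domain-scoped path; please confirm it opens for people outside google.com, since external companies are the intended audience.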
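Review bot: The final README.md hunk (@@ -148,3 +156,4) only appends an empty line after the closing code fence at the end of the file. It is unrelated to the commit subject, so drop it from this patch.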
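Review bot: In cluster/kube-up.sh, the new security note is printed directly under the line that echoes "https://${user}:${passwd}@${KUBE_MASTER_IP}", but it does not say what is at risk or where to read more. With a certificate the client cannot verify, the basic auth password shown in that URL is what an interceptor would capture, so state that in the note and point to the Cluster Security section of DESIGN.md. Capitalization also differs between the two files ("Man in the middle" here, "man in the middle" in DESIGN.md); pick one. The unchanged context line still prints the password in clear to the terminal, which is worth a follow-up change.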