Security Concerns with kink #18

Open
RamazanKara opened this issue Sep 15, 2021 · 1 comment
RamazanKara commented Sep 15, 2021

While this seems like a cool project, the security implications that are required for running kink are very concerning.

kink/cmd/run.go

Line 212 in 42be76d

Privileged: ptrbool(true),

Running this fully privileged puts a massive risk on any K8 Cluster that runs Kink. The security impact of this project can probably be massively reduced by implementing the correct and relevant Security Context instead of running it in privileged mode.

ctalledo commented Nov 18, 2021

> Running this fully privileged puts a massive risk on any K8 Cluster that runs Kink.

I agree.

But note: there is now a solution to run KinD in secure (in fact rootless) pods. It's called Sysbox, a next-generation "runc" (I am one of the developers). It's in fact capable of creating secure pods that run not just KinD, but also Docker, native K8s, K3s, buildx, systemd, and more.

I think KinK users would really benefit from this, as otherwise the alternative of using privileged containers will be a strong deterrent for many.
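
Added example, not part of the thread and not code from the kink project: a small Go check that cluster operators could run over Pod manifests (JSON) to flag every container that sets `securityContext.privileged: true`, the setting this issue is about. The function name `PrivilegedContainers`, the sample manifest, and its container and image names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal subset of the Pod schema needed for this check.
type secCtx struct{ Privileged *bool `json:"privileged"` }
type container struct {
	Name            string  `json:"name"`
	SecurityContext *secCtx `json:"securityContext"`
}
type pod struct {
	Spec struct {
		Containers          []container `json:"containers"`
		InitContainers      []container `json:"initContainers"`
		EphemeralContainers []container `json:"ephemeralContainers"`
	} `json:"spec"`
}

// PrivilegedContainers returns the names of all containers in a Pod manifest that run privileged.
func PrivilegedContainers(manifest []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, fmt.Errorf("parse pod manifest: %w", err)
	}
	var found []string
	// Init and ephemeral containers can be privileged too, so check all three lists.
	for _, group := range [][]container{p.Spec.InitContainers, p.Spec.Containers, p.Spec.EphemeralContainers} {
		for _, c := range group {
			if c.SecurityContext != nil && c.SecurityContext.Privileged != nil && *c.SecurityContext.Privileged {
				found = append(found, c.Name)
			}
		}
	}
	return found, nil
}

// Constructed sample manifest; names and images are placeholders.
const samplePod = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"kind-node"},"spec":{
 "initContainers":[{"name":"setup","image":"example/setup"}],
 "containers":[{"name":"kind","image":"example/kind-node","securityContext":{"privileged":true}},
  {"name":"sidecar","image":"example/sidecar","securityContext":{"privileged":false}}]}}`

func main() {
	names, err := PrivilegedContainers([]byte(samplePod))
	fmt.Println("privileged containers:", names, "error:", err)
}
```

The same check can be fed the output of `kubectl get pod <name> -o json` to review pods already running in a cluster.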
