Enable "Block Project-wide SSH Keys" option in worker nodes of shoot cluster in Google Cloud #510

Closed
hariprasath91 opened this issue Oct 20, 2022 · 4 comments
Labels
kind/bug Bug status/closed Issue is closed (either delivered or triaged)

Comments

@hariprasath91

How to categorize this issue?
/area --> /auto-scaling
/kind bug

What happened:
When we create a cluster in Gardener with the Google Cloud provider, we see the SSH keys on the Google side for the appropriate worker nodes getting enabled.
This is considered a security constraint from an SAP compliance perspective.

What you expected to happen:
We need to enable the option "Block Project-wide SSH Keys" for Google Cloud on the worker nodes which are deployed by Gardener.
If any SSH key pairs are maintained in project metadata, enabling this option will break login with these keys.
GCP doc: https://cloud.google.com/compute/docs/connect/restrict-ssh-keys

How to reproduce it (as minimally and precisely as possible):
We can create a cluster and we see the option "Block Project-wide SSH Keys" getting disabled.
Please find the Screenshot
image

Environment: Google Cloud

  • Gardener version: 1.61.0
  • Kubernetes version (use kubectl version):
    root@W-PF26JKWM:~# kubectl version
    Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.15", GitCommit:"1d79bc3bcccfba7466c44cc2055d6e7442e140ea", GitTreeState:"clean", BuildDate:"2022-09-21T12:12:26Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
    root@W-PF26JKWM:~#
  • Cloud provider or hardware configuration: Google Cloud

Regards,
Hariprasath
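
An added example, not part of the original issue or of Gardener's code: a small audit over instance resources shaped like `gcloud compute instances list --format=json` output, listing workers whose metadata does not set `block-project-ssh-keys` to true. The instance names, the sample data, the zone placeholder and the case-insensitive value comparison are assumptions.

```python
import json

# Constructed sample shaped like Compute Engine instance resources;
# instance names and key material are made up for illustration.
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "shoot-worker-a", "metadata": {"items": [
      {"key": "block-project-ssh-keys", "value": "TRUE"},
      {"key": "ssh-keys", "value": "gardener:ssh-rsa AAAA...constructed"}]}},
  {"name": "shoot-worker-b", "metadata": {"items": [
      {"key": "block-project-ssh-keys", "value": "false"}]}},
  {"name": "shoot-worker-c", "metadata": {"fingerprint": "constructed"}},
  {"name": "shoot-worker-d"}
]
""")

BLOCK_KEY = "block-project-ssh-keys"


def instance_metadata(instance):
    """Flatten metadata.items into a dict; tolerate missing metadata or items."""
    items = (instance.get("metadata") or {}).get("items") or []
    return {i["key"]: i.get("value", "") for i in items if "key" in i}


def blocks_project_keys(instance):
    """True only when the key is explicitly set to true.
    Assumption: the value is compared case-insensitively after trimming."""
    value = instance_metadata(instance).get(BLOCK_KEY, "")
    return value.strip().lower() == "true"


def audit(instances):
    """Sorted names of instances that still accept project-wide SSH keys."""
    return sorted(i.get("name", "<unnamed>") for i in instances
                  if not blocks_project_keys(i))


def remediation_commands(names, zone="ZONE_PLACEHOLDER"):
    """Per-instance gcloud commands that set the metadata flag."""
    return [f"gcloud compute instances add-metadata {n} --zone {zone} "
            f"--metadata {BLOCK_KEY}=TRUE" for n in names]


if __name__ == "__main__":
    failing = audit(SAMPLE_INSTANCES)
    print("Instances accepting project-wide SSH keys:", failing)
    for cmd in remediation_commands(failing):
        print(cmd)
```

An instance with no metadata at all, or with the key absent, is reported as non-compliant, because project-wide keys apply unless the flag is set on the instance.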

@gardener-prow gardener-prow bot added the kind/bug Bug label Oct 20, 2022
@gardener-prow

gardener-prow bot commented Oct 20, 2022

@hariprasath91: The label(s) area/-->, area//auto-scaling cannot be applied, because the repository doesn't have them.


@hariprasath91 hariprasath91 changed the title SSH Keys on Worker Nodes to be Disabled in Google Cloud Enable "Block Project-wide SSH Keys" option in worker nodes of shoot cluster in Google Cloud Oct 20, 2022
@ialidzhikov ialidzhikov transferred this issue from gardener/gardener Oct 20, 2022
@gardener-robot

@ialidzhikov Labels area/-->, area//auto-scaling do not exist.

@gardener-robot

@hariprasath91 Labels area/-->, area//auto-scaling do not exist.

@ialidzhikov
Member

Fixed with #506

/close

@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Oct 20, 2022