Key perm of ssh plugin should be stored in secret instead of configmap #549

sivanzcw · 2019-11-23T12:15:03Z

Is this a BUG REPORT or FEATURE REQUEST?:

/kind feature

create vc job using ssh plugin

root@kubernetes:~/workspace/mxnet# kubectl create -f mxnet.yaml 
job.batch.volcano.sh/mxnet-job created
root@kubernetes:~/workspace/mxnet# cat mxnet.yaml 
apiVersion: batch.volcano.sh/v1alpha1
kind: Job
metadata:
  name: mxnet-job
spec:
  minAvailable: 5
  schedulerName: volcano
  policies:
  - event: PodEvicted
    action: RestartJob
  - event: PodFailed
    action: RestartJob
  plugins:
    svc: []
    ssh: []

get configmap of vc job

root@zjh-hadoop:~/workspace/mxnet# kubectl get cm mxnet-job-ssh -o yaml 
apiVersion: v1
data:
  config: |
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    Host mxnet-job-worker-0
      HostName mxnet-job-worker-0.mxnet-job
    Host mxnet-job-worker-1
      HostName mxnet-job-worker-1.mxnet-job
    Host mxnet-job-server-0
      HostName mxnet-job-server-0.mxnet-job
    Host mxnet-job-server-1
      HostName mxnet-job-server-1.mxnet-job
    Host mxnet-job-scheduler-0
      HostName mxnet-job-scheduler-0.mxnet-job
  id_rsa: |
    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQCXP4pDl4rFGTFXwUfrmnNbUrihKm0zuWhnHDFiXDR+CW2J+hbk
    rbwp0gIjWbfXvYlWj2cxaWX9u7qAeKTpI8MxYTu4XDpPoilZCcIXzfmcxfwYaaIA
    iVXRRDN69K4RXslaqPen8lGvwLoqlYGRB/8s2KWKK/4j5ELg6M7axEdcEwIDAQAB
    AoGAXHCqWctqNjLClKb+BQKeFKfHTkF3AtED/Vke2cYPEyVB/L2MdnG0+j5vrhls
    ooAmS3BUGsAXZO/y+ghCinegGUKSA9kGZjjPpRK83Qgx6T6UsA8xmr6sI14gjtQX
    FTuPwTUt6vz63zWaunNXYYqvVxypPiSYBvCCGzT+zbUB/rkCQQDDhJePgFtfpfey
    PGkpYKakmXZ5d5/vs9vfYTn7gsbARXRC056rI2axT70EQzDIKzk0iN9TNkDLfVs2
    SVFIh5GdAkEAxgkmd+0bmk9lFa4qZUe2qz6BXombVwl2yD/3M6l74Og/+OUdGq+i
    y9Kauirr/8hIXOsCR5WL54iLpz9ZxI9NbwJBALZU53Zm0E+Rmj34gmWZAa8MgmTi
    fx9uDsTxib4Yhjr2SmarrROSLwl6AB6CfnKdhHqOjh2uwZxDKhWlKA1IiC0CQEfw
    RQAlqvRISSEyDoaSIYJdh2NPO5XHg1XFHsiulaii1bJVkFgEW3ANRlXAh9B38gmG
    +WIFqjfme0y7D6H+qJMCQF8P6J+OYi8KdF85ddyCE4BsyAv8TnvZxJlz7NKmQfch
    QfKiVz5PPF1lJQavYD3jz/xwjc1e4fBX/s2uq5e1EdA=
    -----END RSA PRIVATE KEY-----
  id_rsa.pub: |
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCXP4pDl4rFGTFXwUfrmnNbUrihKm0zuWhnHDFiXDR+CW2J+hbkrbwp0gIjWbfXvYlWj2cxaWX9u7qAeKTpI8MxYTu4XDpPoilZCcIXzfmcxfwYaaIAiVXRRDN69K4RXslaqPen8lGvwLoqlYGRB/8s2KWKK/4j5ELg6M7axEdcEw==
kind: ConfigMap
metadata:
  creationTimestamp: "2019-11-23T12:08:54Z"
  name: mxnet-job-ssh
  namespace: default
  ownerReferences:
  - apiVersion: batch.volcano.sh/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Job
    name: mxnet-job
    uid: 56a5998d-7223-4db3-be2f-86b147b27124
  resourceVersion: "1408691"
  selfLink: /api/v1/namespaces/default/configmaps/mxnet-job-ssh
  uid: 0676ae4f-69e5-41eb-9df3-942f317a6022

The ssh authentication related certificate is stored in the configmap in unencrypted form.

The text was updated successfully, but these errors were encountered:

k82cn · 2019-11-25T01:42:36Z

That's great !

k82cn · 2019-12-14T05:18:42Z

fixed by #603

volcano-sh-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 23, 2019

k82cn added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Nov 25, 2019

k82cn added this to the v0.3 milestone Nov 27, 2019

sivanzcw mentioned this issue Dec 12, 2019

change storage of ssh pem from configmap to secret for ssh plugin #603

Merged

k82cn closed this as completed Dec 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Key perm of ssh plugin should be stored in secret instead of configmap #549

Key perm of ssh plugin should be stored in secret instead of configmap #549

sivanzcw commented Nov 23, 2019

k82cn commented Nov 25, 2019

k82cn commented Dec 14, 2019

Key perm of ssh plugin should be stored in secret instead of configmap #549

Key perm of ssh plugin should be stored in secret instead of configmap #549

Comments

sivanzcw commented Nov 23, 2019

k82cn commented Nov 25, 2019

k82cn commented Dec 14, 2019