Skip to content
This repository has been archived by the owner on May 4, 2020. It is now read-only.

Make ssh secure #16

Open
Panaetius opened this issue Jul 12, 2018 · 2 comments
Open

Make ssh secure #16

Panaetius opened this issue Jul 12, 2018 · 2 comments
Labels
enhancement

Comments

@Panaetius
Copy link
Member

Description

Currently all nodes use the same ssh key which is hardcoded. This is very insecure and should be replaced with something more robust.
@Panaetius Panaetius added this to the v0.1.0 milestone Jul 12, 2018
@liehe liehe assigned liehe and unassigned liehe Aug 27, 2018
@liehe liehe self-assigned this Aug 27, 2018
@liehe
Copy link
Member

liehe commented Aug 27, 2018

I did not find much easier way to do it. For KubeFlow OpenMPI operator, they create a one-time ssh secret and use it for all workers. For Kube-openmpi, they also generate id_rsa/id_rsa.pub beforehand and append the values to values.yaml. hardcoding ssh keys might not be a problem as users can always overwrite them.

To be more secure, we can limit the roles of useraccount and have a standalone namespace for each jobs.

@liehe liehe removed their assignment Aug 28, 2018
@Panaetius
Copy link
Member Author

It would be cool if some keys were generated on the fly when installing with helm. But I don't think the helm template commands support enough scripting functionality.
Removing this from the 0.1.0 milestone

@Panaetius Panaetius removed this from the v0.1.0 milestone Aug 28, 2018
@Panaetius Panaetius removed the Worker label Oct 9, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Panaetius @liehe