Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(gRPC): Implement m-TLS Support using self-signed certificate #1526

Merged
merged 1 commit into from
Feb 21, 2024
Merged

feat(gRPC): Implement m-TLS Support using self-signed certificate #1526

merged 1 commit into from
Feb 21, 2024
+516 −5

Conversation

rksharma95
Copy link
Collaborator

@rksharma95 rksharma95 commented Nov 29, 2023
edited
Loading

Purpose of PR?:
This PR introduces m-TLS support using self-signed certificate to secure KubeArmor gRPC endpoint. with the tls encryption we ensure secure communication between the KubeArmor server and the clients i.e. kubearmor-relay.

Fixes #1464

Does this PR introduce a breaking change?

If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • Bug fix. Fixes Secure KubeArmor gRPC Endpoint #1464
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@nyrahul nyrahul mentioned this pull request Jan 4, 2024
Open
19 tasks
@rksharma95 rksharma95 force-pushed the secure-grpc branch 4 times, most recently from f2a6b60 to 4677704 Compare February 16, 2024 04:58
@rksharma95 rksharma95 changed the title fix(gRPC): Add server-side TLS Support using self-signed certificate feat(gRPC): Implement m-TLS Support using self-signed certificate Feb 16, 2024
@rksharma95 rksharma95 marked this pull request as ready for review February 16, 2024 05:02
achrefbensaad
achrefbensaad previously approved these changes Feb 19, 2024
View reviewed changes
Copy link
Member

@achrefbensaad achrefbensaad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Looks good to me, Can you please add the steps to test this PR.

KubeArmor/cert/cert.go Show resolved Hide resolved
@rksharma95 rksharma95 force-pushed the secure-grpc branch 2 times, most recently from eb03833 to 4cb41b1 Compare February 19, 2024 05:25
daemon1024
daemon1024 reviewed Feb 20, 2024
View reviewed changes
Copy link
Member

@daemon1024 daemon1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general.
Small question/comment.

Can we include high level flow diagram of how the certificates are going to be generated, used and verified across KubeArmor and KubeArmor clients/relay

KubeArmor/feeder/feeder.go Outdated Show resolved Hide resolved
achrefbensaad
achrefbensaad approved these changes Feb 21, 2024
View reviewed changes
Copy link
Member

@achrefbensaad achrefbensaad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rksharma95 @daemon1024
add cert pkg to implement mtls
c2d28d2 
Signed-off-by: rksharma95 <ramakant@accuknox.com>
@daemon1024 daemon1024 merged commit 9cec6ea into kubearmor:main Feb 21, 2024
18 checks passed
@DelusionalOptimist DelusionalOptimist mentioned this pull request Mar 19, 2024
Closed
24 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daemon1024 daemon1024 daemon1024 approved these changes

@achrefbensaad achrefbensaad achrefbensaad approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure KubeArmor gRPC Endpoint
3 participants
@rksharma95 @achrefbensaad @daemon1024