Q: Is there any method in Kubelet/Microk8s for securing a static pod manifest, i.e. enforcing a signed digest on a manifest or equivalent? Is this outside the scope of Kubelet/mk8s if not?
Use case: As a device fleet developer I’d like to manage apps on edge devices via Kubelet with static pods, i.e. no control plane. I’d like to enforce that kubelet runs in a way that only accepts trusted static pod manifests, when coupled with the enforcement of a secure RFS/boot. Any thoughts?
Edit: I wanted to clarify that I understand signed containers are supported at the CRI-O layer, but this ask parallels whether kube is able to do the same for the whole manifest. I.e., it seems like a valid attack surface to change a pod manifest to launch a trusted/signed container as root with full networking, port punches and mount the host’s / directory w/r, as a vector to exploit the host through a trusted container. I guess my question is building on what is the principle in Kube that prevents this in the context of a static pod manifest.
Cluster information:
Kubernetes version: 1.19.1+
Cloud being used: N/A
Installation method: src build
Host OS: Linux 4.4+
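
The settings named in the edit above (root, host networking, host ports, a read-write mount of the host's /) can be checked mechanically before a manifest is placed in the kubelet's static pod directory. The following is an added example, not part of the original post and not a kubelet feature; the function name `audit_static_pod`, the finding strings and the sample manifest are constructed for illustration.

```python
import json
import posixpath

# Constructed sample manifest (kubelet reads static pods as JSON or YAML).
SAMPLE = """{
 "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "edge-app"},
 "spec": {
  "hostNetwork": true,
  "volumes": [{"name": "rootfs", "hostPath": {"path": "/"}}],
  "containers": [{
   "name": "app", "image": "registry.example/edge-app:placeholder",
   "securityContext": {"runAsUser": 0},
   "ports": [{"containerPort": 8080, "hostPort": 80}],
   "volumeMounts": [{"name": "rootfs", "mountPath": "/host"}]
  }]
 }
}"""

def audit_static_pod(manifest_text):
    """Return sorted findings for the host-exposure settings named in the post."""
    spec = json.loads(manifest_text).get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = set()
    if spec.get("hostNetwork"):
        findings.add("pod: hostNetwork")
    # Names of volumes whose hostPath resolves to the host's / directory.
    root_vols = {v.get("name") for v in spec.get("volumes", [])
                 if posixpath.normpath(v.get("hostPath", {}).get("path", ""))
                 in ("/", "//")}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        # Container-level securityContext values override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and not non_root):
            findings.add(f"{name}: may run as root")
        if sc.get("privileged"):
            findings.add(f"{name}: privileged")
        if any("hostPort" in p for p in c.get("ports", [])):
            findings.add(f"{name}: hostPort")
        for m in c.get("volumeMounts", []):
            if m.get("name") in root_vols and not m.get("readOnly"):
                findings.add(f"{name}: host / mounted read-write")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_static_pod(SAMPLE):
        print(finding)
```

A check like this only reports what a manifest requests; it does not establish who wrote the manifest, which is the part the question about signed digests is asking for.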