Skip to content
This repository has been archived by the owner on Aug 23, 2020. It is now read-only.

Add dex/CR/bad defaults failure story #40

Merged
merged 2 commits into from
Oct 24, 2019
Merged

Add dex/CR/bad defaults failure story #40

merged 2 commits into from
Oct 24, 2019

Conversation

pieterlange
Copy link
Contributor

@pieterlange pieterlange commented Oct 23, 2019
edited
Loading

Slides for my failure story related to the default dex configuration storing authrequests as CustomResources and its potential for nuking your kubernetes control plane.

The link: https://pieterlange.github.io/failure-stories/2019-06.dex.html
Ref: dexidp/dex#1292
Shared at: https://www.meetup.com/Dutch-Kubernetes-Meetup/events/262313920/

@pieterlange
Add dex/CR/bad defaults failure story
2f4152e 
Slides for my failure story related to the default [dex](https://github.com/dexidp/dex/) configuration relating to storing authrequests as CustomResources and its potential for nuking your kubernetes control plane.

Ref dexidp/dex#1292
Shared at https://www.meetup.com/Dutch-Kubernetes-Meetup/events/262313920/
@zerkms
Copy link

zerkms commented Oct 24, 2019

Spoiler warning

NO BUSINESS APPLICATIONS WERE HARMED DURING THIS OUTAGE.

^ that's truly impressive!

@pieterlange
Copy link
Contributor Author

It was merely a (very scary!) control plane outage. The monitoring systems were running during the outage but inaccessible since dex (the auth system) was down so i did actually have the data to prove that the apps were up, after the storm was over.

The biggest challenge in recovering from this failure was doing so without access to the monitoring systems (at some point i actually did make a ssh portforward directly to the machines running the grafana/kibana pods). Fun times.

@hjacobs
Copy link
Owner

hjacobs commented Oct 24, 2019

Thanks!

@hjacobs
Copy link
Owner

hjacobs commented Oct 24, 2019

@pieterlange can you sort it at the right place (newest on top)?

hjacobs
hjacobs reviewed Oct 24, 2019
View reviewed changes
README.md Outdated Show resolved Hide resolved
@hjacobs hjacobs merged commit 21a91a0 into hjacobs:master Oct 24, 2019
@githubrotem
Copy link

Is there any real solution for this issue?
Right now anyone can make a curl loop and bring the cluster down

@szuecs
Copy link

szuecs commented Jan 13, 2020
edited
Loading

We use skipper as kube-apiserver sidecar to do auth. and we can easily add client rate limits:
https://opensource.zalando.com/skipper/reference/filters/#clientratelimit

Auth is done by tokens and validation is done by a tokeninfo sidecar that is fast enough.

To protect your dex endpoint you can use either skipper in front of that, too, or bind it on localhost in the apiserver pod and use skipper to integrate with it.
The localhost example might need some special routes, but this can be achieved.

@hjacobs
Copy link
Owner

hjacobs commented Jan 13, 2020

@githubrotem see also https://twitter.com/pst418/status/1216739457400999938

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@hjacobs hjacobs hjacobs left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pieterlange @zerkms @hjacobs @githubrotem @szuecs