Provide Documentation on Securing ASP.NET Core Containers #940
Comments
@richlander - There are some good suggestions here. Is this something better covered by the docs or a sample here?
I'd just like to add that running a read-only file system does not currently work if you are buffering requests in ASP.NET Core. If you are transferring JSON in ASP.NET Core, then JSON.NET apparently requires buffering but the new JSON APIs in .NET Core 3 will apparently solve this issue. More details in RehanSaeed/ReadOnlyDockerTest#1 and dotnet/aspnetcore#3704.
Also adding PID Limiting to this list which is a new feature in Kubernetes 1.14 but is currently beta. That feature will probably go live in 1.15.
@glennc - Is this something you are interested in documenting from the ASP.NET perspective if something doesn't already exist?
Ping @glennc
<Edit> The topic of providing guidance is still being discussed. No decisions have been made yet.
Please don't move this to the aspnet repo, as the vast majority of this is not an aspnet question and I will simply move it back. To speak to the one asp.net part of this; "you can run an ASP.NET Core image with a read-only file system" @RehanSaeed you are frankly lucky in what you tested. ASP.NET Core will start to buffer requests to disk when under memory pressure because not doing so is a huge DoS vector. ASP.NET does not support running on read only file systems. Just because it gets "fixed" in JSON doesn't mean it will get fixed in the request pipeline. It's currently not a goal.
@blowdart - sure - I have no intentions to move it myself. I am just trying to get @RehanSaeed's question answered and a decision if we are going to provide additional guidance.
Are there any decisions taken on this? Thanks!
My app is using Service Bus Client, and after I applied the Security Context I got this issue on AKS.
There is a nice writeup here. Any chance this could be turned into proper docs?
@davidfowl - Does there exist any documentation that might help this request of having guidance for securely configuring ASP.NET Core in container scenarios?
cc @richlander
Is the question assuming that /tmp (or $ASPNETCORE_TEMP) is not writeable? Or only that the deployment directory is not writeable?
This needs more attention - diagnostics / profiling should not be mutually exclusive with read only root filesystem. At least allow the usage of a custom directory/mount a tmpfs or similar volume for collection and set that folder via environment vars. Unless this is an option that is documented somewhere? I couldn't find anything valuable (other than this issue)
@richlander can you confirm whether or not it is considered safe to run a .NET 7/8 app on a read-only file system assuming
It should be yes.
I have another blog post planned on prod deployments. I can include this aspect.
I've discovered that you can run an ASP.NET Core image with a read-only file system but this requires you to turn off debugging and profiling support because otherwise you get an error. Full sample here.
There are also a myriad of settings we can use in Kubernetes. Here is a sample Pod yaml:
- allowPrivilegeEscalation - Stops escalation of privileges to super user.
- readOnlyRootFilesystem - Enables the read-only file system I talk about above.
- runAsUser - Run as a different user.
- fsGroup - Run as a different group.
- capabilities - Limit the Linux capabilities available to the app.

As a Linux noob, I'd really like more information and guidance on runAsUser, fsGroup and capabilities in particular. It would be ideal if a basic set of capabilities could be provided to get a hello world app running but also some description of what needs to be added to get additional features.
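
A Pod manifest that combines the five settings listed in the issue with the writable temp directory discussed in the comments, as an added example that is not taken from the issue, its linked sample, or the dotnet-docker repository. The pod name, image reference, UID/GID, port and size limit are constructed placeholders; it assumes the app listens on a port above 1024 (so no capability has to be added back) and that the runtime honours `DOTNET_EnableDiagnostics` (older runtimes read the `COMPlus_` prefix instead).

```yaml
# Added example: hardened Pod for a hello-world ASP.NET Core app.
# All names and numeric values below are constructed placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: hello-aspnet
spec:
  securityContext:                 # pod-level: applies to every container
    runAsUser: 1000                # run as a non-root UID
    fsGroup: 2000                  # group ownership applied to mounted volumes
  containers:
    - name: web
      image: registry.example.invalid/hello-aspnet:placeholder
      ports:
        - containerPort: 8080
      env:
        - name: ASPNETCORE_URLS
          value: "http://+:8080"   # port > 1024: NET_BIND_SERVICE is not needed
        - name: DOTNET_EnableDiagnostics
          value: "0"               # debugging/profiling off, as the issue describes
        - name: ASPNETCORE_TEMP
          value: /tmp              # request buffering spills here under memory pressure
      securityContext:             # container-level settings
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]            # start from nothing; add back only what a feature needs
      volumeMounts:
        - name: tmp
          mountPath: /tmp          # the only writable path in the container
  volumes:
    - name: tmp
      emptyDir:
        sizeLimit: 64Mi            # bounds how much buffered data can land on the node
```

The root file system stays read-only while `/tmp` remains writable, which addresses the request-buffering concern raised in the thread without giving up `readOnlyRootFilesystem`.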