I have a bit of an 'initial trust' issue. We are using CoreOS to run Kubernetes, and secure both the etcd API and the Kubernetes API servers using client certificates. We are using iPXE to boot everything except the etcd servers.
The issue I am trying to overcome is how to distribute the client keys in a secure AND automated way. Are there effective ways of uniquely and securely validating a machine without storing anything to the disk?
Our requirements dictate that the solution can be used on both physical and virtual nodes, and allow for dynamic, on-demand scaling, which means that physical devices are not an option.
My colleagues have suggested using firewalls to secure a node that hosts the keys (i.e. a web server), but I am convinced there must be a more secure option. I suspect it may have something to do with the TPM, but my current research hasn't provided any practical examples as of yet.
Thanks in advance for any answers/comments/edits!