Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Fixed
Priority: Critical
Fix Version/s: 2.1.0
Affects Version/s: None
Component/s: operator
Labels:
- cao_2.1_P0
- releasenote

Story Points:
3

Description

From a security perspective being able to exec onto a pod means you could do myriad harm, downloading botnets etc. Naturally some users assume our use is malign and don't want us to do it which effectively breaks the product... Essentially our readiness checks need to be over HTTP, the easiest way to pull this off is with a sidecar that surfaces the HTTP port, the operator will need to toggle ready/unready on this sidecar based on whether the cluster can tolerate a pod going down - "will the cluster recover back to its original state if I blow something up?"

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Simon Murray

Reporter:: Simon Murray

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Nov/19 6:36 AM

Updated:: 21/Aug/20 10:30 AM

Resolved:: 02/Jul/20 6:23 AM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

K8S-1168: Non-Exec Node Readiness: Gerrit Review:

Stop Using pods/exec

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty