Details
- Improvement
- Resolution: Fixed
- Critical
- None
- 3
Description
From a security perspective, being able to exec into a pod means you could do a myriad of harm (downloading botnets, etc.). Naturally, some users assume our use is malign and don't want us to do it, which effectively breaks the product... Essentially, our readiness checks need to be over HTTP. The easiest way to pull this off is with a sidecar that surfaces the HTTP port; the operator will need to toggle ready/unready on this sidecar based on whether the cluster can tolerate a pod going down: "will the cluster recover back to its original state if I blow something up?"
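As an added example (not code from this ticket or the project), a minimal Go sidecar of the shape described above: the kubelet's `httpGet` readinessProbe hits `/ready` and gets 200 or 503, and the operator flips the state through an admin endpoint instead of exec'ing into the pod. The endpoint paths, the port and the `state` query parameter are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"sync/atomic"
)

// ReadinessSidecar publishes the pod's readiness over HTTP so that the
// readinessProbe can be `httpGet: {path: /ready, port: 8080}` rather than
// an exec probe that requires pods/exec privileges.
type ReadinessSidecar struct {
	// true only while the operator has decided the cluster can tolerate
	// this pod going down; a fresh sidecar starts unready.
	ready atomic.Bool
}

// SetReady is the hook the operator's decision feeds into.
func (s *ReadinessSidecar) SetReady(v bool) { s.ready.Store(v) }

// IsReady reports the current state (used by tests and logging).
func (s *ReadinessSidecar) IsReady() bool { return s.ready.Load() }

// ServeReady answers the kubelet: 200 when ready, 503 otherwise.
func (s *ReadinessSidecar) ServeReady(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if s.ready.Load() {
		fmt.Fprintln(w, "ready")
		return
	}
	http.Error(w, "not ready", http.StatusServiceUnavailable)
}

// ServeAdmin is the assumed operator-facing toggle:
// PUT /admin/ready?state=true|false -> 204 on success, 400 on a bad value.
func (s *ReadinessSidecar) ServeAdmin(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPut {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	switch r.URL.Query().Get("state") {
	case "true":
		s.SetReady(true)
	case "false":
		s.SetReady(false)
	default:
		http.Error(w, "state must be true or false", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// Handler wires both routes onto one mux.
func (s *ReadinessSidecar) Handler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/ready", s.ServeReady)
	mux.HandleFunc("/admin/ready", s.ServeAdmin)
	return mux
}

func main() {
	s := &ReadinessSidecar{} // unready until the operator says otherwise
	log.Fatal(http.ListenAndServe(":8080", s.Handler()))
}
```

With this in place the operator's ServiceAccount no longer needs the `pods/exec` verb. The admin endpoint should be reachable only from the operator (for example via a NetworkPolicy), since anything that can reach it can mark the pod unready.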