The default configuration for the onepassword-connect service created by this chart is to expose it as a NodePort. In many environments this can result in the service being directly open to the internet. I don't know whether this causes any direct security problems (I think it still has authentication?), but it is at the very least a very concerning thing to unexpectedly discover.
What did you expect to happen?
For the default service type to be ClusterIP, internal to the cluster network.
Notes & Logs
65 made the service type configurable, where before it was hardcoded as NodePort. A comment on that PR noted that the default should be ClusterIP, but this did not get picked up on at the time.
Your environment
Chart Version: current
What happened?
The default configuration for the onepassword-connect service created by this chart is to expose it as a NodePort. In many environments this can result in the service being directly open to the internet. I don't know whether this causes any direct security problems (I think it still has authentication?), but it is at the very least a very concerning thing to unexpectedly discover.
What did you expect to happen?
For the default service type to be ClusterIP, internal to the cluster network.
Notes & Logs
65 made the service type configurable, where before it was hardcoded as NodePort. A comment on that PR noted that the default should be ClusterIP, but this did not get picked up on at the time.