Currently, the sidecar runs on the provided IP and port and starts a GRPC server which is not SSL/TLS support enabled. If there is no authentication enabled on the server side anyone can send a request targeting the nodes with some known ports and can easily perform node-level or controller-level operation, This could be a security problem for the production clusters. We need to support SSL/TLS for the GRPC server when it's running on the IP and port.
Madhu-1
commented
4 months ago
Currently, the sidecar runs on the provided IP and port and starts a GRPC server which is not SSL/TLS support enabled. If there is no authentication enabled on the server side anyone can send a request targeting the nodes with some known ports and can easily perform node-level or controller-level operation, This could be a security problem for the production clusters. We need to support SSL/TLS for the GRPC server when it's running on the IP and port.
@nixpanic @Rakshith-R Thoughts?