Currently rabbitmq is running as guest/guest.
We should at the very least set a proper password and manage it as a Kubernetes secret
As a second step we should decide how fine-grained we want authorization to be:
Does every client get its own user?
Is every client allowed to see/modify/delete every other client's queues/exchanges?
Do we want to integrate OAuth/Keycloak?
Similar considerations apply to MongoDB.
Ideally, every application has a single federated Keycloak user that gives it access to exactly the resources it needs to function, but we have to decide on the cost/benefit/security tradeoffs.
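As an added example (not part of the issue or the project's own tooling), the script below shows the "at least a proper password" step and the per-client permission step together: it generates a random password, emits a Kubernetes Secret for it, and emits the `rabbitmqctl` commands that create a user whose configure/write/read permissions are limited to names under the app's own prefix, then retires the default `guest` user. The namespace `messaging`, the app name `orders`, the `<app>.` naming prefix and the availability of `openssl` are assumptions.

```shell
#!/bin/sh
# Added example: scope a RabbitMQ user to its own queues/exchanges and store the
# password as a Kubernetes Secret. Names/prefix convention are constructed assumptions.
set -eu

# Random password; strips base64 padding and shell-unfriendly characters.
gen_password() {
  openssl rand -base64 24 | tr -d '\n=/+'
}

# Kubernetes Secret with the credentials; stringData avoids manual base64 encoding.
secret_manifest() {
  app=$1 user=$2 pass=$3
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: rabbitmq-%s\n  namespace: messaging\ntype: Opaque\nstringData:\n  username: %s\n  password: %s\n' \
    "$app" "$user" "$pass"
}

# Permission regexes (rabbitmqctl set_permissions takes configure, write, read):
#   configure/read: only resources named "<app>.<something>"
#   write: the same prefix plus amq.default, which is what publishing to the
#          default exchange (routing straight to a queue by name) is checked against
configure_re() { printf '^%s\\..*$' "$1"; }
write_re()     { printf '^(amq\\.default|%s\\..*)$' "$1"; }
read_re()      { printf '^%s\\..*$' "$1"; }

# rabbitmqctl commands to provision the app user and delete the default guest user.
# Printed rather than executed so they can be reviewed, then piped to sh on the broker.
provision_commands() {
  app=$1 user=$2 pass=$3
  printf "rabbitmqctl add_user '%s' '%s'\n" "$user" "$pass"
  printf "rabbitmqctl set_permissions -p / '%s' '%s' '%s' '%s'\n" \
    "$user" "$(configure_re "$app")" "$(write_re "$app")" "$(read_re "$app")"
  printf 'rabbitmqctl delete_user guest\n'
}

APP=${1:-orders}
PASS=$(gen_password)
secret_manifest "$APP" "$APP-svc" "$PASS"     # kubectl apply -f - on this part
echo '---'
provision_commands "$APP" "$APP-svc" "$PASS"  # run these on the broker node
```

With the `orders` user in place, a second app gets its own user and prefix the same way, so neither can declare, publish to or consume from the other's queues.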