scylladb / scylla-operator

The Kubernetes Operator for ScyllaDB
https://operator.docs.scylladb.com/
Apache License 2.0
331 stars 163 forks

Secure ScyllaDB clusters by default #1761

Open tnozicka opened 6 months ago

tnozicka commented 6 months ago

Clusters in default configurations shall be secure by default.

At this point we open a lot of insecure ports that we should not start by default and use the secure variants instead. There are multiple categories of services in here:

Some of the changes will take several releases to gracefully migrate over the default changes after introducing new API fields to control the ports.

All of this config is prone to small changes from version differences, so the open ports must be validated in an e2e test.

### TODO
- [ ] #1760
- [ ] https://github.com/scylladb/scylla-operator/issues/1778
- [ ] https://github.com/scylladb/scylla-operator/issues/1762
- [ ] https://github.com/scylladb/scylla-operator/issues/1763
- [ ] https://github.com/scylladb/scylla-operator/issues/1764
- [ ] #1769
- [ ] https://github.com/scylladb/scylla-operator/issues/1217
- [ ] https://github.com/scylladb/scylla-operator/issues/1770
- [ ] https://github.com/scylladb/scylla-operator/issues/1772
- [ ] Deal with insecure metrics?
- [ ] https://github.com/scylladb/scylla-operator/issues/1805
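
One way an e2e test could validate open ports, as the comment above asks, is to read the pod's listening sockets and compare them with an allowlist. This is an added example, not code from the operator or from the issue author; the port numbers, the allowlist and the `/proc/net/tcp` sample are constructed for illustration, and it assumes IPv4 on a little-endian host (IPv6 listeners live in `/proc/net/tcp6`).

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in /proc/net/tcp format; ports and allowlist are illustrative only.
const sampleProcNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:2352 00000000:0000 0A 00000000:00000000
   1: 00000000:23B6 00000000:0000 0A 00000000:00000000
   2: 0100007F:2710 00000000:0000 0A 00000000:00000000
   3: 0500000A:2352 0900000A:C350 01 00000000:00000000
`

// unexpectedListeners returns externally reachable TCP ports in LISTEN state
// (st == 0A) that are not in the allowlist.
func unexpectedListeners(procNetTCP string, allowed map[int]bool) ([]int, error) {
	var extra []int
	sc := bufio.NewScanner(strings.NewReader(procNetTCP))
	sc.Scan() // skip the header line
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 4 || f[3] != "0A" {
			continue // not a socket row, or not listening
		}
		addr, portHex, _ := strings.Cut(f[1], ":")
		if len(addr) == 8 && strings.HasSuffix(addr, "7F") {
			continue // 127.0.0.0/8 (little-endian hex): loopback only
		}
		port, err := strconv.ParseUint(portHex, 16, 16)
		if err != nil {
			return nil, fmt.Errorf("malformed local_address %q: %w", f[1], err)
		}
		if !allowed[int(port)] {
			extra = append(extra, int(port))
		}
	}
	return extra, sc.Err()
}

func main() {
	// Hypothetical allowlist: only the port with hex value 23B6 (9142) is expected.
	extra, err := unexpectedListeners(sampleProcNetTCP, map[int]bool{9142: true})
	if err != nil {
		panic(err)
	}
	fmt.Println("unexpected listeners:", extra)
}
```

A test built this way fails when a version change starts a new listener, and it ignores sockets bound only to loopback, which are not reachable from outside the pod.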

scylla-operator-bot[bot] commented 2 months ago

The Scylla Operator project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

/lifecycle stale

tnozicka commented 2 months ago

/remove-lifecycle stale
/triage accepted