Disable JMX service - Githubissues

scylladb / scylla-operator

The Kubernetes Operator for ScyllaDB

https://operator.docs.scylladb.com/

Apache License 2.0

340 stars 175 forks source link

Disable JMX service #1762

Open tnozicka opened 9 months ago

tnozicka commented 9 months ago

JMX service is deprecated in ScyllaDB and not used in any of the flows with the Operator either.

It exposes 2 insecure ports: 7199 on 127.0.0.1 and random port on 0.0.0.0. Removing it helps us harden ScyllaDB security.

We should also not run multiple service in one container so this helps with container split as well.

tnozicka commented 9 months ago

nodetool still relies on this :(

kubectl logs -c e2e-drain-scylla -f pod/basic-8gn5q-us-east-1-us-east-1a-1
nodetool: Failed to connect to '127.0.0.1:7199' - ConnectException: 'Connection refused (Connection refused)'.

tnozicka commented 9 months ago

split the random port into https://github.com/scylladb/scylla-operator/issues/1778

scylla-operator-bot[bot] commented 4 months ago

The Scylla Operator project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 30d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out

/lifecycle stale

tnozicka commented 4 months ago

/remove-lifecycle stale /triage accepted