Secure CQL by default - Githubissues

scylladb / scylla-operator

The Kubernetes Operator for ScyllaDB

https://operator.docs.scylladb.com/

Apache License 2.0

333 stars 163 forks source link

Secure CQL by default #1764

Open tnozicka opened 7 months ago

tnozicka commented 7 months ago

Every ScyllaDB cluster should be secure by default. We already have CQL over TLS and automatic certificates for it so it starts by default. With that ready, and when it is promoted from beta to GA, we should introduce an option to disable the insecure CQL port to give users an option to enable it explicitly before we change the "default" setup in a following release not to run it without the explicitly asking for it with the new filed.


### TODO
- [ ] Add API field to control CQL insecure port for ScyllaClusters
- [ ] #1765 
- [ ] Disable insecure CQL for default ScyllaClusters

scylla-operator-bot[bot] commented 3 months ago

The Scylla Operator project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 30d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out

/lifecycle stale

tnozicka commented 2 months ago

/remove-lifecycle stale /triage accepted