Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes deployment model alignment with documented security concerns #639

Open
jmcshane opened this issue Apr 5, 2023 · 0 comments
Open

Kubernetes deployment model alignment with documented security concerns #639

jmcshane opened this issue Apr 5, 2023 · 0 comments
Labels
question Further information is requested
Milestone
Indexer Experience

Comments

@jmcshane
Copy link

jmcshane commented Apr 5, 2023
edited
Loading

In the Indexing docs, it says:

Firewall - Only the Indexer service needs to be exposed publicly and particular attention should be paid to locking down admin ports and database access: the Graph Node JSON-RPC endpoint (default port: 8030), the Indexer management API endpoint (default port: 18000), and the Postgres database endpoint (default port: 5432) should not be exposed.

The service for the query-node uses a NodePort service across all the endpoints:

indexer/k8s/base/query-node/service.yaml

Lines 17 to 18 in 0d10609

- name: index-node
port: 8030

This was done in #493 but not explicitly called out in the PR docs why the ports needed to be added to the externally facing service (changed from LoadBalancer to NodePort).
@tilacog tilacog added the question Further information is requested label Apr 18, 2023
@tilacog tilacog added this to Indexer Apr 18, 2023
@github-project-automation github-project-automation bot moved this to 🗃️ Inbox in Indexer Apr 18, 2023
@tilacog tilacog moved this from 🗃️ Inbox to 📒 Todo in Indexer Apr 18, 2023
@fordN fordN moved this from 📒 Todo to 🙏 Feature Requests in Indexer Aug 8, 2023
@fordN fordN moved this from 🙏 Feature Requests to 🗃️ Inbox in Indexer Aug 8, 2023
@alex-pakalniskis alex-pakalniskis added this to the Indexer Experience milestone Sep 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
Indexer
Status: 🗃️ Inbox
Milestone
Indexer Experience
Development

No branches or pull requests
3 participants
@tilacog @jmcshane @alex-pakalniskis