Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable Service to be exposed as NodePort should be disabled by default #3253

Closed
rhtevan opened this issue May 4, 2022 · 1 comment · Fixed by #3263
Closed

Enable Service to be exposed as NodePort should be disabled by default #3253

rhtevan opened this issue May 4, 2022 · 1 comment · Fixed by #3263
Assignees
@tadayosi
Labels
area/traits

Comments

@rhtevan
Copy link

rhtevan commented May 4, 2022

The --trait service.node-port is set to true by default. Given that node port is rarely used in OpenShift or Kubernetes these days for http services, would it not make more sense to default this to ClusterIP? Customers are typically pretty sensitive about opening ports directly to the cluster.
@agahchen
Copy link

agahchen commented May 4, 2022

Thank you for raising this issue @rhtevan . We were surprised to discover this through a separate QA process by our OpenShift cluster operations team recently as they scan for potential network vulnerabilities and unintended exposures. Setting --trait service.node-port=false reverts the service type to ClusterIP. It would be ideal to apply the 'deny-by-default' approach and create node port-based service objects if explicitly requested.

@tadayosi tadayosi self-assigned this May 11, 2022
tadayosi added a commit to tadayosi/camel-k that referenced this issue May 11, 2022
@tadayosi
fix(trait): disable NodePort by default for Service trait
e6bf9d9 
Fix apache#3253
tadayosi added a commit to tadayosi/camel-k that referenced this issue May 11, 2022
@tadayosi
fix(trait): disable NodePort by default for Service trait
8d326ce 
Fix apache#3253
@tadayosi tadayosi mentioned this issue May 11, 2022
Merged
tadayosi added a commit that referenced this issue May 12, 2022
@tadayosi
fix(trait): disable NodePort by default for Service trait
343784b 
Fix #3253
tadayosi added a commit to tadayosi/camel-k that referenced this issue May 25, 2022
@tadayosi
fix(trait): disable NodePort by default for Service trait
f5c76ae 
Fix apache#3253
@tadayosi tadayosi mentioned this issue May 25, 2022
Merged
tadayosi added a commit that referenced this issue May 25, 2022
@tadayosi
fix(trait): disable NodePort by default for Service trait
f3eba62 
Fix #3253
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue May 31, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
4ec9016 
Fix apache#3253

(cherry picked from commit apache/camel-k@f3eba62e6)
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue May 31, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
34ac26e 
Fix apache#3253

(cherry picked from commit apache/camel-k@f3eba62e6)
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue May 31, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
7037a39 
Fix apache#3253

(cherry picked from commit apache/camel-k@f3eba62e6)
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue May 31, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
5f78a51 
Fix apache#3253

(cherry picked from commit apache/camel-k@f3eba62e6)
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue Jun 1, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
7837df5 
Fix apache#3253

(cherry picked from commit apache/camel-k@f3eba62e6)
phantomjinx pushed a commit to phantomjinx/camel-k that referenced this issue Aug 11, 2022
@tadayosi @phantomjinx
fix(trait): disable NodePort by default for Service trait
0730903 
Fix apache#3253
squakez pushed a commit that referenced this issue Aug 11, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
0a921c4 
Fix #3253
squakez pushed a commit to jboss-fuse/camel-k that referenced this issue Aug 11, 2022
@tadayosi @squakez
fix(trait): disable NodePort by default for Service trait
d4b5d4c 
Fix apache#3253

(cherry picked from commit apache/camel-k@0a921c4bf)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tadayosi tadayosi

Labels
area/traits
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(trait): disable NodePort by default for Service trait tadayosi/camel-k
4 participants
@tadayosi @squakez @agahchen @rhtevan