-
Notifications
You must be signed in to change notification settings - Fork 345
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Service to be exposed as NodePort should be disabled by default #3253
Comments
Thank you for raising this issue @rhtevan . We were surprised to discover this through a separate QA process by our OpenShift cluster operations team recently as they scan for potential network vulnerabilities and unintended exposures. Setting --trait service.node-port=false reverts the service type to ClusterIP. It would be ideal to apply the 'deny-by-default' approach and create node port-based service objects if explicitly requested. |
Fix apache#3253 (cherry picked from commit apache/camel-k@f3eba62e6)
Fix apache#3253 (cherry picked from commit apache/camel-k@f3eba62e6)
Fix apache#3253 (cherry picked from commit apache/camel-k@f3eba62e6)
Fix apache#3253 (cherry picked from commit apache/camel-k@f3eba62e6)
Fix apache#3253 (cherry picked from commit apache/camel-k@f3eba62e6)
Fix apache#3253 (cherry picked from commit apache/camel-k@0a921c4bf)
The
--trait service.node-port
is set to true by default. Given that node port is rarely used in OpenShift or Kubernetes these days for http services, would it not make more sense to default this to ClusterIP? Customers are typically pretty sensitive about opening ports directly to the cluster.The text was updated successfully, but these errors were encountered: