Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[devworkspace] Rework WorkspaceRouting to run container inside workspace pod #15786

Closed
sleshchenko opened this issue Jan 22, 2020 · 1 comment
Closed

[devworkspace] Rework WorkspaceRouting to run container inside workspace pod #15786

sleshchenko opened this issue Jan 22, 2020 · 1 comment
Assignees
@amisevsk
Labels
engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
Controller team sprint #179 Controller team sprint #180 Controller team sprint #181

Comments

@sleshchenko
Copy link
Member

Is your task related to a problem? Please describe.

This is related to #15651
On some clusters where NetworkPolicy is not configured properly, it's possible to reach any container port from any Kubernetes namespace.
It would be more secure if we run WorkspaceRouting inside of WorkspacePod and make a secure server(like CloudShell) listen to only localhost interface.
When the only reachable port outside of workspace pod would be secure.
@sleshchenko sleshchenko added kind/task Internal things, technical debt, and to-do tasks to be performed. engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. team/controller labels Jan 22, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 22, 2020
@l0rd l0rd mentioned this issue Jan 22, 2020
Closed
38 tasks
@benoitf benoitf removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 22, 2020
@amisevsk amisevsk moved this from To do to In progress in Controller team sprint #179 Feb 12, 2020
@amisevsk amisevsk self-assigned this Feb 12, 2020
@sleshchenko sleshchenko moved this from TODO to In Progress in Controller team sprint #180 Feb 19, 2020
@amisevsk amisevsk mentioned this issue Feb 28, 2020
Closed
@sleshchenko sleshchenko added this to To do in Controller team sprint #181 via automation Mar 6, 2020
@sleshchenko sleshchenko moved this from To do to In progress in Controller team sprint #181 Mar 11, 2020
@sleshchenko
Copy link
Member Author

It should be already addressed in https://github.com/amisevsk/che-workspace-operator-rework and the changes will be delivered to the main repo in the scope of #16494

Controller team sprint #181 automation moved this from In progress to Done Mar 31, 2020
@amisevsk amisevsk mentioned this issue Apr 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
No open projects
Controller team sprint #179
  
In progress
Controller team sprint #180
  
In Progress
Controller team sprint #181
  
Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@benoitf @sleshchenko @amisevsk @che-bot