Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to disable debug interface of pilot-agent #41457

Closed
zgyn76 opened this issue Oct 17, 2022 · 4 comments
Closed

how to disable debug interface of pilot-agent #41457

zgyn76 opened this issue Oct 17, 2022 · 4 comments
Labels
area/security lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while

Comments

@zgyn76
Copy link

zgyn76 commented Oct 17, 2022
edited by istio-policy-bot

Bug Description

For istiod, i can set env var "ENABLE_DEBUG_ON_HTTP" to "true" to enable debug interface.
why isn't there a similar env var for pilot-agent?

Version

istio control-plane 1.13.8
istio data-plane 1.13.8

Additional Information

No response
@zirain
Copy link
Member

zirain commented Oct 17, 2022

should we provide option to disable debug interface on pilot-agent
@istio/wg-security-maintainers WDYT?

@howardjohn
Copy link
Member

Why?

@zgyn76
Copy link
Author

zgyn76 commented Oct 18, 2022

Why?

For security concerns.
I've noticed that it is recommended to set the parameter ENABLE_DEBUG_ON_HTTP to false for production. Maybe this is for security(?).
Some debug interfaces of pilot-agent are consistent with those of istiod, such as pprof. So, is it necessary to disable the debug interface of pilot-agent for production?

@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jan 16, 2023
@istio-policy-bot
Copy link

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-10-17. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

@istio-policy-bot istio-policy-bot added the lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. label Jan 31, 2023
@hzxuzhonghu hzxuzhonghu mentioned this issue Jan 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@howardjohn @zirain @zgyn76 @istio-policy-bot