-
Notifications
You must be signed in to change notification settings - Fork 571
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support reverse dns on backups #2525
Comments
Thanks for suggestion! we do plan to add "mananged-by: longhorn" for these pods in future release. |
@n0rad |
This look like an annotation and not like a label, but if it's a label, this should be enough to allow creation of a service out of it. |
If I remember correctly, the backup happens in the replica manager Pods. Ref to: |
@n0rad can you see if creation of a service against the label The recurring jobs just trigger api calls against the longhorn-backend, so as long as the backend + replica/engines have access to the nfs server that should be fine. |
Hum ok, I was not aware that jobs was not those accessing the NFS. it's working. By adding a service on Managers still need to be able to access the NFS to list available backups so |
Hi,
NFS is not very secured and one mechanism to limit access is by filtering who can connect using reverse DNS resolution.
If the NFS server is using the Kubernetes DNS server, access can be filtered by
namespace
orservice
.This allows managers to connect to NFS but does not allow backups to do so.
*.longhorn-system.svc.cluster.local
will not work either because backups pod are not on any service and so have no reverse DNS resolution.Can you please add backups pod to service so they can be identified as
endpoints
and have reverse DNS resolution?If not can you at least add a fixed label to those pods so the service can be declared outside of longhorn?
The text was updated successfully, but these errors were encountered: