Skip to content
This repository has been archived by the owner on Dec 4, 2024. It is now read-only.

Ensure that setting --group "*" matches only apps that have an HAPROXY_GROUP label defined and ignore apps that don't have it defined. #403

Closed
vishnu2kmohan opened this issue Jan 16, 2017 · 2 comments
Closed

Ensure that setting --group "*" matches only apps that have an HAPROXY_GROUP label defined and ignore apps that don't have it defined. #403

vishnu2kmohan opened this issue Jan 16, 2017 · 2 comments
Labels
enhancement

Comments

@vishnu2kmohan
Copy link

Currently, passing the command line argument --group "*" to Marathon-LB will cause it to advertise all apps on their service ports (provided there are no app and port-specific overrides present in their app definition), regardless of whether they have an HAPROXY_GROUP label present in their app definition.

This is not secure-by-default because there may be instances of apps that are never meant to be advertised because they explicitly did not set an HAPROXY_GROUP label.

Please alter the matching strategy to only advertise apps that have HAPROXY_GROUP set in their app definition.

This issue is related to #402 in that we'd like to enforce an opt-in model whenever possible.
brndnmtthws added a commit that referenced this issue Jan 24, 2017
@brndnmtthws
Introduce new --strict-mode option.
f7d4b16 
This also adds a new `HAPROXY_{n}_ENABLED` option, which lets you
enabled/disable individual backends for an app.

This resolves issues #402 and #403.
@brndnmtthws brndnmtthws mentioned this issue Jan 24, 2017
Merged
@brndnmtthws
Copy link
Contributor

I've updated the docs in #410.

brndnmtthws added a commit that referenced this issue Jan 24, 2017
@brndnmtthws
Introduce new --strict-mode option.
00df6ce 
This also adds a new `HAPROXY_{n}_ENABLED` option, which lets you
enabled/disable individual backends for an app.

This resolves issues #402 and #403.
brndnmtthws added a commit that referenced this issue Jan 24, 2017
@brndnmtthws
Introduce new --strict-mode option. (#410)
b46ace4 
This also adds a new `HAPROXY_{n}_ENABLED` option, which lets you
enabled/disable individual backends for an app.

This resolves issues #402 and #403.
@vishnu2kmohan
Copy link
Author

Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vishnu2kmohan @brndnmtthws