consul exec from server nodes only? #326
Comments
I'm not sure what the harm is. In most cases, we try to mask the difference between a client/server and transparently handle the distinction. From the perspective of a user, if you just mean restrictions in the form of ACL rules, then I agree those can be applied, but again, that enforcement can also be done at the edges on the clients. I'm curious to learn more about your concerns, though.
Hmm, never mind. I thought the same functionality was exposed via the HTTP API as well (for interfacing through the CLI). I was just going to chuck the UI behind TLS/basic auth, so that would get scary if someone could exec on all your machines, haha.
Technically, everything the 'exec' command does is over the HTTP API. So it is exposed over that.
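Since exec is driven entirely through the HTTP API, putting the UI behind TLS or basic auth does nothing to restrict it; the restriction has to live in the agent configuration or the ACL system that the API enforces. The following is an added example, not code from this issue or from the Consul project itself. It assumes a Consul version that has the `disable_remote_exec` agent option and the ACL system, and relies on the documented fact that `consul exec` coordinates through the KV store under the `_rexec` prefix and through user events named `_rexec`.

```hcl
# Agent configuration (e.g. /etc/consul.d/exec.hcl, path is an assumption).
# Refuses remote exec on this agent regardless of what the API caller holds.
# This is the simplest fix for the concern raised in the issue: set it on
# every non-server agent that should never run exec jobs.
disable_remote_exec = true

# ACL policy applied to tokens handed to ordinary API/UI users.
# Even where remote exec stays enabled on the agents, a token bound to this
# policy cannot publish the exec event or write the job spec/results that
# `consul exec` uses, so the job is never dispatched.
# Attach with: consul acl policy create -name no-rexec -rules @no-rexec.hcl
# (policy name and file name are assumptions for this example).
key_prefix "_rexec" {
  policy = "deny"
}

event "_rexec" {
  policy = "deny"
}
```

Use both layers: `disable_remote_exec` protects an individual agent from any caller, while the ACL rules stop a leaked token from reaching agents that still allow exec. Check the effective agent setting with `consul agent`'s startup log or the `/v1/agent/self` endpoint, and verify the policy by running `consul exec -token <restricted token> uptime`, which should be rejected rather than fan out to the cluster.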
More of a concern/question, but wouldn't it be potentially pretty harmful to allow non-server agent nodes to exec? Would it make more sense to restrict this to server nodes? Curious to hear your thoughts on that!
Really enjoying it so far! Amazing work as usual ;D