mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-06-07 08:30:48 +00:00
security: convert NodePort to ClusterIP for better isolation
On some providers (notably: DigitalOcean) NodePort services are not exposed to the outside world. But this is not what the Kubernetes spec describes: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types Thus, there is a risk that NodePort services are exposed to the outside world in some context. To avoid this, we convert all NodePort to ClusterIP resources.
This commit is contained in:
Régis Behmo
Régis Behmo
parent
3ad68ab782
commit
e5b63604de
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
Note: Breaking changes between versions are indicated by "💥".
|
||||
|
||||
- [Security] On Kubernetes, convert all NodePort services to ClusterIP to guarantee network isolation from outside the cluster.
|
||||
- 💥[Improvement] Drop Python 3.5 compatibility.
|
||||
- [Bugfix] Fix docker-compose project name in development on nightly branch.
|
||||
- 💥[Bugfix] No longer track the Tutor version number in resource labels (and label selectors, which breaks the update of Deployment resources), but instead do so in resource annotations.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ kind: Service
|
|||
metadata:
|
||||
name: cms
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8000
|
||||
protocol: TCP
|
||||
|
|
@ -35,7 +35,7 @@ kind: Service
|
|||
metadata:
|
||||
name: lms
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8000
|
||||
protocol: TCP
|
||||
|
|
@ -49,7 +49,7 @@ kind: Service
|
|||
metadata:
|
||||
name: elasticsearch
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 9200
|
||||
protocol: TCP
|
||||
|
|
@ -63,7 +63,7 @@ kind: Service
|
|||
metadata:
|
||||
name: mongodb
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 27017
|
||||
protocol: TCP
|
||||
|
|
@ -77,7 +77,7 @@ kind: Service
|
|||
metadata:
|
||||
name: mysql
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 3306
|
||||
protocol: TCP
|
||||
|
|
@ -91,7 +91,7 @@ kind: Service
|
|||
metadata:
|
||||
name: redis
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: {{ REDIS_PORT }}
|
||||
protocol: TCP
|
||||
|
|
@ -105,7 +105,7 @@ kind: Service
|
|||
metadata:
|
||||
name: smtp
|
||||
spec:
|
||||
type: NodePort
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8025
|
||||
protocol: TCP
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user