Status HTTP server should be securely protected
hzxuzhonghu opened this issue
Kmesh starts up a server for debugging and status queries here: https://github.com/kmesh-net/kmesh/blob/main/cmd/command/http_server.go. It also allows updating bpf maps.
It is not secure to have no authz; we should set different policies for different interfaces. We can refer to the Istio status server to do so.
/kind security
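
One way to give each interface its own policy, sketched as an added Go example (not Kmesh's or Istio's code): read-only status routes accept only GET/HEAD, while state-changing routes are served only to loopback peers. The route paths, the listen port and the two policy levels are assumptions made for illustration.

```go
package main

import (
	"net"
	"net/http"
)

// policy is a hypothetical per-endpoint access level (not a Kmesh type).
type policy int

const (
	readOnly  policy = iota // status queries: any client, GET/HEAD only
	localOnly               // state-changing handlers: loopback clients only
)

// isLoopback checks the TCP peer address only; X-Forwarded-For is client-controlled and ignored.
func isLoopback(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return false
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// guard wraps a handler with the policy chosen for its route.
func guard(p policy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case p == localOnly && !isLoopback(r.RemoteAddr):
			http.Error(w, "forbidden", http.StatusForbidden)
		case p == readOnly && r.Method != http.MethodGet && r.Method != http.MethodHead:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		default:
			next.ServeHTTP(w, r)
		}
	})
}

// newStatusMux registers constructed example routes; both paths are assumptions.
func newStatusMux() *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) })
	mux := http.NewServeMux()
	mux.Handle("/status/ready", guard(readOnly, ok))
	mux.Handle("/debug/bpf/update", guard(localOnly, ok))
	return mux
}

// Binding to loopback is a first layer; the guard still applies per route. The port is a placeholder.
func main() { _ = http.ListenAndServe("127.0.0.1:8080", newStatusMux()) }
```

A loopback check only separates in-pod callers from remote ones; endpoints that must be reachable off-host would need real client authentication in place of `localOnly`.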