Status HTTP server should be securely protected

Question

hzxuzhonghu opened this issue 6 months ago · comments

Kmesh startup a server for debugging and status query here https://github.com/kmesh-net/kmesh/blob/main/cmd/command/http_server.go. it also allows updating bpf map

It is not secure to have no authz, we should set different policies for different interfaces. We can refer to istio status server to do so.

Tiger Xu / Zhonghu Xu · Answer 1 · Thu Jan 04 2024 11:58:24 GMT+0800 (China Standard Time)

/kind security