Enhancing security and rate limiting for Katalyst endpoints
caohe opened this issue · comments
What would you like to be added?
This issue proposes adding authentication and rate limiting capabilities to various endpoints within Katalyst. This enhancement would encompass two main categories of interfaces:
-
HTTP Endpoints: Specifically, we aim to secure and implement rate limiting for the data provisioning interface from the Katalyst Agent to KCMAS. This involves integrating authentication mechanisms to ensure that only authorized entities can access this interface. Additionally, incorporating rate limiting would prevent abuse and ensure fair usage of resources, maintaining optimal performance even during high traffic scenarios.
-
gRPC Endpoints: Extend these security measures to each manager's plugin registration endpoint.
Why is this needed?
Currently, the endpoints provided by Katalyst has no authentication and rate limiting mechanism, which brings some risks to the stability of the cluster.The inclusion of authentication and rate limiting mechanisms for Katalyst endpoints addresses security and performance concerns.