You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@beam.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/05/22 18:44:04 UTC

[jira] [Commented] (BEAM-2342) k8s scripts - must not create publicly visible service by default

    [ https://issues.apache.org/jira/browse/BEAM-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019996#comment-16019996 ] 

ASF GitHub Bot commented on BEAM-2342:
--------------------------------------

GitHub user ssisk opened a pull request:

    https://github.com/apache/beam/pull/3196

    [BEAM-2342] Cleanup k8s scripts naming & don't create insecure svc by default

    Be sure to do all of the following to help us incorporate your contribution
    quickly and easily:
    
     - [X] Make sure the PR title is formatted like:
       `[BEAM-<Jira issue #>] Description of pull request`
     - [X] Make sure tests pass via `mvn clean verify`.
     - [X] Replace `<Jira issue #>` in the title with the actual Jira issue
           number, if there is one.
     - [X] If this contribution is large, please file an Apache
           [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
    
    ---
    
    These scripts setup a internet-accessible service by default, which is
    insecure since we rely on firewalls for securing the data stores.
    
    R: @tgroh 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ssisk/beam secure-k8s-es

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/beam/pull/3196.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3196
    
----

----


> k8s scripts - must not create publicly visible service by default
> -----------------------------------------------------------------
>
>                 Key: BEAM-2342
>                 URL: https://issues.apache.org/jira/browse/BEAM-2342
>             Project: Beam
>          Issue Type: Bug
>          Components: testing
>            Reporter: Stephen Sisk
>            Assignee: Stephen Sisk
>
> The k8s scripts for cassandra and elasticsearch setup a internet-accessible service by default in start-up.sh, which is insecure since we rely on firewalls for securing the data stores. 
> We *should* keep these kubernetes scripts for doing local development work (-local-dev.yaml), but we shouldn't set them up by default in the script.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)