You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@beam.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/05/22 18:44:04 UTC
[jira] [Commented] (BEAM-2342) k8s scripts - must not create
publicly visible service by default
[ https://issues.apache.org/jira/browse/BEAM-2342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019996#comment-16019996 ]
ASF GitHub Bot commented on BEAM-2342:
--------------------------------------
GitHub user ssisk opened a pull request:
https://github.com/apache/beam/pull/3196
[BEAM-2342] Cleanup k8s scripts naming & don't create insecure svc by default
Be sure to do all of the following to help us incorporate your contribution
quickly and easily:
- [X] Make sure the PR title is formatted like:
`[BEAM-<Jira issue #>] Description of pull request`
- [X] Make sure tests pass via `mvn clean verify`.
- [X] Replace `<Jira issue #>` in the title with the actual Jira issue
number, if there is one.
- [X] If this contribution is large, please file an Apache
[Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
---
These scripts setup a internet-accessible service by default, which is
insecure since we rely on firewalls for securing the data stores.
R: @tgroh
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ssisk/beam secure-k8s-es
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/beam/pull/3196.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3196
----
----
> k8s scripts - must not create publicly visible service by default
> -----------------------------------------------------------------
>
> Key: BEAM-2342
> URL: https://issues.apache.org/jira/browse/BEAM-2342
> Project: Beam
> Issue Type: Bug
> Components: testing
> Reporter: Stephen Sisk
> Assignee: Stephen Sisk
>
> The k8s scripts for cassandra and elasticsearch setup a internet-accessible service by default in start-up.sh, which is insecure since we rely on firewalls for securing the data stores.
> We *should* keep these kubernetes scripts for doing local development work (-local-dev.yaml), but we shouldn't set them up by default in the script.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)