Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose internal Servers with localhost on Kubernetes/OpenShift infrastructures #10420

Closed
sleshchenko opened this issue Jul 13, 2018 · 1 comment
Closed

Expose internal Servers with localhost on Kubernetes/OpenShift infrastructures #10420

sleshchenko opened this issue Jul 13, 2018 · 1 comment
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it.

Comments

@sleshchenko
Copy link
Member

sleshchenko commented Jul 13, 2018
edited
Loading

Description

The current way of exposing internal server may have the following security issue: in a case when Che is configured to use the same namespace for workspaces of different users, there is an ability for a user to request another user internal servers.

Initially, internal servers were implemented for Language Server that doesn't have any authentication. So, it would be more secure to not to create any services for exposing internal servers and return localhost as host of internal server. Since Language server and workspace agent (or theia server side) should be in the same pod because of using the same projects volume, LS can be requested by using URL similar to tcp://localhost:4393

So, it is needed expose internal Servers with localhost on Kubernetes/OpenShift infrastructures.
@sleshchenko sleshchenko added status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it. kind/task Internal things, technical debt, and to-do tasks to be performed. labels Jul 13, 2018
@sleshchenko sleshchenko mentioned this issue Jul 13, 2018
Closed
@sleshchenko sleshchenko changed the title Do not expose internal servers with Service on Kubernetes/OpenShift infrastructures Expose internal Servers with localhost on Kubernetes/OpenShift infrastructures Jul 13, 2018
@gazarenkov gazarenkov mentioned this issue Aug 1, 2018
Closed
@che-bot
Copy link
Contributor

che-bot commented Sep 7, 2019

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 7, 2019
@che-bot che-bot closed this as completed Sep 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sleshchenko @che-bot