Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-2319

Lock down Cruise Control API

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 2.0.0.GA
    • None
    • None
    • None

    Description

      The full Cruise Control API can be accessed directly by users by sending HTTP requests to the application on the Cruise Control pod. This allows users to preform potentially destructive operations on Kafka clusters without being properly vetted by the Cluster Operator. All non-read interactions with Cruise Control should happen through the supported KafkaRebalance custom resource and should not be allowed by any other method.

       

      We need a  way to prevent users from accessing the Cruise Control API directly.

       

      Upstream issue can be found here:

      [1] https://github.com/strimzi/strimzi-kafka-operator/issues/3770

      Attachments

        Issue Links

          is documented by

          Task - Represents a small unit of work that is not end-user facing. ENTMQST-3276 [DOC OCP] Lock down Cruise Control API

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              kliberti Kyle Liberti
              Lukas Kral Lukas Kral
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: