Details
- Task
- Resolution: Done
- Major
Description
The full Cruise Control API can be accessed directly by users by sending HTTP requests to the application on the Cruise Control pod. This allows users to perform potentially destructive operations on Kafka clusters without being properly vetted by the Cluster Operator. All non-read interactions with Cruise Control should happen through the supported KafkaRebalance custom resource and should not be allowed by any other method.
We need a way to prevent users from accessing the Cruise Control API directly.
Upstream issue can be found here:
[1] https://github.com/strimzi/strimzi-kafka-operator/issues/3770
Issue Links
- is documented by: ENTMQST-3276 [DOC OCP] Lock down Cruise Control API (Closed)