Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

optimize the rbac and functions of node-proxy #454

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

optimize the rbac and functions of node-proxy #454

wants to merge 1 commit into from

Conversation

renyunkang
Copy link
Member

@renyunkang renyunkang commented Sep 13, 2024
edited
Loading

Description

What type of PR is this ?:

  • Optimized RBAC permissions for the node-proxy component.
    This refers to refining the Role-Based Access Control rules specifically for the node-proxy to ensure it only has the necessary permissions to perform its functions, enhancing security and minimizing potential risks.

  • Enhanced node-proxy functionality.
    Storing allocation results in the ingress.hostname field instead of ingress.ip. Directly using ingress.ip for storage can lead to kube-proxy's IPVS binding to that IP, potentially impacting the node's network stability. To circumvent this, the allocation results are stored in ingress.hostname, which doesn't accept raw IP addresses. To accommodate this, an "lb-" prefix is added to the IP address.

We can consider implementing Load Balancer IP Mode for Services in the future.

Related links:

node-proxy: #214
https://github.com/openelb/openelb/security/advisories/GHSA-xg5w-m7qr-r8ch

@ks-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: renyunkang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@ks-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: renyunkang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ks-ci-bot ks-ci-bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Sep 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zheng1 zheng1 Awaiting requested review from zheng1

@chaunceyjiang chaunceyjiang Awaiting requested review from chaunceyjiang

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renyunkang @ks-ci-bot