Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[devworkspace] Rework WorkspaceRouting to run container inside workspace pod #15786

Closed
sleshchenko opened this issue Jan 22, 2020 · 1 comment
Closed

[devworkspace] Rework WorkspaceRouting to run container inside workspace pod #15786

sleshchenko opened this issue Jan 22, 2020 · 1 comment
Assignees
@amisevsk
Labels
engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed.

Comments

@sleshchenko
Copy link
Member

Is your task related to a problem? Please describe.

This is related to #15651
On some clusters where NetworkPolicy is not configured properly, it's possible to reach any container port from any Kubernetes namespace.
It would be more secure if we run WorkspaceRouting inside of WorkspacePod and make a secure server(like CloudShell) listen to only localhost interface.
When the only reachable port outside of workspace pod would be secure.
@sleshchenko sleshchenko added kind/task Internal things, technical debt, and to-do tasks to be performed. engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. team/controller labels Jan 22, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 22, 2020
@l0rd l0rd mentioned this issue Jan 22, 2020
Closed
38 tasks
@benoitf benoitf removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 22, 2020
@amisevsk amisevsk self-assigned this Feb 12, 2020
@amisevsk amisevsk mentioned this issue Feb 28, 2020
Closed
@sleshchenko
Copy link
Member Author

It should be already addressed in https://github.com/amisevsk/che-workspace-operator-rework and the changes will be delivered to the main repo in the scope of #16494

@amisevsk amisevsk mentioned this issue Apr 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@benoitf @sleshchenko @amisevsk @che-bot