Note that the Juju client also talks on 17070. So while you could certainly
firewall it, you'd have to include places where you want to run 'juju
status'.
I think having both "expose Endpoint to Space/CIDR" and "model controller
as an app" would give us a good experience here.
John
=:->
On Fri, Aug 30, 2019, 03:25 Andrea Ieri <email address hidden> wrote:
> Public bug reported:
>
> The default security groups deployed by Juju allow ingress traffic on port
> 17070 from any source.
> A customer of ours has recently raised the concern that this is too open,
> and I think this could be restricted to the set of controllers, at least
> for local deployments (I imagine it might get tricky for JAAS setups).
>
> ** Affects: juju
> Importance: Undecided
> Status: New
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https://bugs.launchpad.net/bugs/1842006
>
> Title:
> Restrict ingress port 17070 to the controllers
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1842006/+subscriptions
>
Note that the Juju client also talks on 17070. So while you could certainly
firewall it, you'd have to include places where you want to run 'juju
status'.
I think having both "expose Endpoint to Space/CIDR" and "model controller
as an app" would give us a good experience here.
John
=:->
On Fri, Aug 30, 2019, 03:25 Andrea Ieri <email address hidden> wrote:
> Public bug reported: /bugs.launchpad .net/bugs/ 1842006 /bugs.launchpad .net/juju/ +bug/1842006/ +subscriptions
>
> The default security groups deployed by Juju allow ingress traffic on port
> 17070 from any source.
> A customer of ours has recently raised the concern that this is too open,
> and I think this could be restricted to the set of controllers, at least
> for local deployments (I imagine it might get tricky for JAAS setups).
>
> ** Affects: juju
> Importance: Undecided
> Status: New
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https:/
>
> Title:
> Restrict ingress port 17070 to the controllers
>
> To manage notifications about this bug go to:
> https:/
>