在 nginx 入口 controller 上使用 hostPort 不安全?
[英]Use hostPort on nginx ingress controller is insecure?
问题描述
I'm using nginx-ingress controller ( https://docs.nginx.com/nginx-ingress-controller ) and I would like to know if expose ingress using hostPort is insecure.
我正在使用 nginx-ingress controller ( https://docs.nginx.com/nginx-ingress-controller )并且我想知道 insecure 是否使用了 host I am currently using nodePort with a balancer layer 3 / 4 on the front.我目前正在使用 nodePort,前面有一个平衡器层 3 / 4。
2 个解决方案
解决方案1
0 2021-04-21 01:17:12
Depends on the application requirements.取决于应用程序的要求。 For very small, one node clusters, it seems like hostPort is exactly what you want.对于非常小的单节点集群,似乎hostPort正是您想要的。 ingress-nginx suggests you configure it to use DaemonSet instead of Deployment to make sure "there can be only one" per node. ingress-nginx建议您将其配置为使用DaemonSet而不是Deployment ,以确保每个节点“只能有一个”。
解决方案2
-1 已采纳 2020-08-10 19:50:26
It is not insecure on it's own it's just REALLY not recommended, it all depend on the security of the deployment that is exposed, and the security of your host.它本身并不是不安全的,只是真的不推荐,这完全取决于公开的部署的安全性以及主机的安全性。
Also, exposing hostPort is not recommended outside of a test stage, because, you can deploy only on pod per host/node (as only one port is available).此外,不建议在测试阶段之外公开 hostPort,因为您只能在每个主机/节点的 pod 上部署(因为只有一个端口可用)。
If you achieve what you wanted to do using nodeport, stick to it, as it's the best choice if you are using a Loadbalancer in front of your cluster如果您使用 nodeport 实现了您想要做的事情,请坚持使用它,因为如果您在集群前面使用负载均衡器,这是最佳选择
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.