# Penetration test enhancement: check port 15010 & 8080 in istiod: According to https://istio.io/latest/docs/ops/best-practices/security/#control-plane port 15010
# is not that problematic (only resource discovery). Other parts of the documentation also say: | 15010 | GRPC | XDS and CA services (Plaintext, only for secure networks) |
# We have a secure network layer and only XDS is served.
# Port 8080 is not listed in the service, and even if it were somehow reachable by IP it only "offers read access".
# Nevertheless we set ENABLE_DEBUG_ON_HTTP=false to disable it entirely.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istiod
  namespace: istio-system
spec:
  template:
    spec:
      containers:
        - name: discovery
          env:
            - name: ENABLE_DEBUG_ON_HTTP
              value: 'false'