scylla-operator icon indicating copy to clipboard operation
scylla-operator copied to clipboard

Published 20 hours ago verified publisher icon scylladb

Disable JMX service

Open tnozicka opened this issue 1 year ago • 2 comments

JMX service is deprecated in ScyllaDB and not used in any of the flows with the Operator either.

It exposes 2 insecure ports: 7199 on 127.0.0.1 and random port on 0.0.0.0. Removing it helps us harden ScyllaDB security.

We should also not run multiple service in one container so this helps with container split as well.

tnozicka avatar Feb 28 '24 10:02 tnozicka

nodetool still relies on this :(

kubectl logs -c e2e-drain-scylla -f pod/basic-8gn5q-us-east-1-us-east-1a-1
nodetool: Failed to connect to '127.0.0.1:7199' - ConnectException: 'Connection refused (Connection refused)'.

tnozicka avatar Feb 29 '24 07:02 tnozicka

split the random port into https://github.com/scylladb/scylla-operator/issues/1778

tnozicka avatar Feb 29 '24 08:02 tnozicka