Patroni REST API Authentication

[epandurski]

Hi,

I understand that the Patroni REST API is exposed on each spilo pod, at port 8008. Doesn't this pose a major security risk? It seem to me that every program running on the Kubernetes cluster could issue a PATCH /conifg request to this API, and mess up each database cluster. Is it possible to configure basic HTTP authentication for the Patroni REST API endpoints (as described here) ? If yes, how can I do this; and if not, isn't this a big security problem?