Delete open ES authpol
General MR
Summary
- Deletes the open authpol allowing traffic from (anywhere) to Elasticsearch on port 9200, as this does not follow the BB least privilege standard.
- BB applications already have explicit Authorization Policies and therefore should not be affected by this removal.
Relevant logs/screenshots
Linked Issue
Upgrade Notices
Elasticsearch Open Authorization Policy Removed: The authorization policy es-allow-elasticsearch that allowed traffic to the "logging-ek" Elasticsearch cluster on port 9200 has been removed. Big Bang services such as Fluentbit, Fluentd, Jaeger, and Mattermost have their own explicit authorization policies and will not be affected. However, if you're using Elasticsearch with custom applications or non-Big Bang services, you may need to create an explicit AuthorizationPolicy through .Values.istio.customAuthorizationPolicies when .Values.istio.hardened.enabled=true.
Edited by Brian Jackson
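
A check for the pattern this MR removes, as an added example that is not part of the merge request or the Big Bang code base: it flags Istio ALLOW AuthorizationPolicy rules that admit any source on port 9200. Both manifests are constructed for illustration; their names, namespace, labels and service account are placeholders, and `notPorts` matching is not evaluated.

```python
# Added example: find ALLOW rules that accept traffic from any source on a port.
ES_PORT = "9200"

def rule_covers_port(rule, port):
    """A rule with no `to`, or an operation with no `ports`, applies to every port."""
    ops = [t.get("operation", {}) for t in rule.get("to", [])]
    return not ops or any(not op.get("ports") or port in op["ports"] for op in ops)

def open_rules(policy, port=ES_PORT):
    """Indexes of rules that allow `port` with no `from` and no `when` restriction."""
    spec = policy.get("spec", {})
    if spec.get("action", "ALLOW") != "ALLOW":
        return []
    return [i for i, rule in enumerate(spec.get("rules", []))
            if not rule.get("from") and not rule.get("when")
            and rule_covers_port(rule, port)]

def audit(policies, port=ES_PORT):
    """Map policy name -> open rule indexes, for policies that have any."""
    found = {p["metadata"]["name"]: open_rules(p, port) for p in policies}
    return {name: idx for name, idx in found.items() if idx}

def _policy(name, rules):
    # Constructed manifest skeleton; namespace and labels are placeholders.
    return {
        "apiVersion": "security.istio.io/v1beta1",
        "kind": "AuthorizationPolicy",
        "metadata": {"name": name, "namespace": "example-ns"},
        "spec": {"selector": {"matchLabels": {"app": "example-elasticsearch"}},
                 "action": "ALLOW", "rules": rules},
    }

# Open form: port 9200 is named but no source is, so any workload matches.
OPEN_POLICY = _policy("example-open-es", [
    {"to": [{"operation": {"ports": ["9200"]}}]},
])
# Explicit form: only one (placeholder) client identity may reach port 9200.
SCOPED_POLICY = _policy("example-scoped-es", [
    {"from": [{"source": {"principals":
        ["cluster.local/ns/example-app/sa/example-client"]}}],
     "to": [{"operation": {"ports": ["9200"]}}]},
])

if __name__ == "__main__":
    for name, idx in audit([OPEN_POLICY, SCOPED_POLICY]).items():
        print(f"{name}: rules {idx} allow any source on port {ES_PORT}")
```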