Hello, is there a config that allow the user to disable the admin user interface #2870

Open
Nomia opened this issue Mar 10, 2025 · 2 comments


Nomia commented Mar 10, 2025

Hello, is there a config that allows the user to disable the admin user interface?

Currently there is no auth configuration for the admin user interface. Our security team is worried about unintentional write operations (e.g. removing/stopping a service or adding a service) that would break our services or cause chaos, so it would be better if we could:

  1. disable the admin UI
  2. disable write operations for the admin UI
  3. even disable the admin as a whole (the log reporting & admin UI), if it's possible. (From my understanding, the restate server is essential for all the services, but the admin is not.)
@Nomia Nomia changed the title Hello, is there a config that allow me to disable the admin user interface Hello, is there a config that allow the user to disable the admin user interface Mar 10, 2025

Nomia commented Mar 12, 2025

I've read all the configuration in this section and the admin configuration section; there doesn't seem to be a setting that meets the above requirement (disabling the admin UI). Could you give some guidance here? Our project is going live next week. Really appreciate it! @tillrohrmann @slinkydeveloper


pcholakov commented Mar 12, 2025

Hey @Nomia! The UI itself doesn't expose any additional capabilities that the admin API offers. Also consider that you (or your operations team) will still need access to the admin API in order to deploy services, query/cancel invocations etc. The restate CLI operates over this port/API, as do other deployment automation tools.

What you may consider to tighten up the security is to apply IP-based access control, or bind the admin listener to 127.0.0.1:9070 to make it accessible only from the local machine. You can optionally set up an authenticating reverse-proxy in front of it. Would any of these options meet your requirements?
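
An added example, not part of the thread and not from the Restate project: one way to combine the three suggestions above (loopback-only admin listener, IP-based access control, authenticating reverse proxy) with the read-only restriction asked for in the issue, using nginx. The hostname, networks, file paths and the deployment-host address are constructed placeholders, and the config assumes the admin listener is already bound to 127.0.0.1:9070 on the same host. Which HTTP methods the UI needs for read-only browsing is not stated in the thread, so verify that before enforcing the method restriction.

```nginx
# Constructed example: every address, hostname and path below is a placeholder.
# Assumes the Restate admin listener is bound to 127.0.0.1:9070 on this host,
# so the only network path to it is through this proxy.
server {
    listen 443 ssl;
    server_name restate-admin.example.internal;

    ssl_certificate     /etc/nginx/tls/restate-admin.crt;
    ssl_certificate_key /etc/nginx/tls/restate-admin.key;

    # IP-based access control: only the operations network reaches the proxy.
    allow 10.20.0.0/24;
    deny  all;

    # Authentication: every request that passes the IP check must also
    # present valid credentials (default "satisfy all" requires both).
    auth_basic           "Restate admin";
    auth_basic_user_file /etc/nginx/restate-admin.htpasswd;

    location / {
        # Read-only for everyone except the deployment host: any method
        # other than GET/HEAD (POST, PUT, PATCH, DELETE, ...) is accepted
        # only from 10.20.0.10, where the CLI or deployment automation runs.
        limit_except GET {
            allow 10.20.0.10;
            deny  all;
        }

        proxy_pass http://127.0.0.1:9070;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Rejected write attempts show up in the nginx access log as 403 responses with the authenticated user in `$remote_user`, which gives the security team an audit trail of who attempted a change.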
