Lack of rate-limiting controls #2421
Comments
Given the Dashboard is not exposed outside the cluster by default, and that in full read-write mode should never be exposed publicly and should always be deployed behind a reverse proxy for authentication anyway, it could be argued that For read-only mode there's less of a concern as new runs / related resources cannot be created in this mode, however large numbers of concurrent requests or a burst of requests in a short period to list / get / watch resources can indeed still cause high resource usage / slow responses. I'm not sure if this is something that should be built in to the Dashboard application itself or would be better handled by a well-tested reverse proxy solution. Would it make sense to document and/or provide a simple copy-paste example showing how to achieve this with nginx + oauth2-proxy for example?
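As an added example (not from the Tekton project or from anyone in this thread), a minimal nginx front-end that applies per-client request limiting before traffic reaches the Dashboard; the upstream address `tekton-dashboard.tekton-pipelines.svc.cluster.local:9097`, the rate and the burst size are assumptions to adjust for your deployment.

```nginx
# Added example, not Tekton project code. Assumes the Dashboard Service is
# reachable in-cluster at tekton-dashboard.tekton-pipelines.svc.cluster.local:9097.

# One shared 10 MB zone keyed by client address (roughly 160k tracked clients).
# 10 requests/second per client is a generous ceiling for a human using the UI;
# sustained list/get/watch floods above that get queued and then rejected.
limit_req_zone $binary_remote_addr zone=dashboard:10m rate=10r/s;

# Return 429 rather than the default 503 so throttling is distinguishable from
# a genuine back-end outage in logs and monitoring.
limit_req_status 429;
limit_req_log_level warn;

upstream tekton_dashboard {
    server tekton-dashboard.tekton-pipelines.svc.cluster.local:9097;
    keepalive 16;
}

server {
    listen 8080;

    location / {
        # A page load fires several requests, so allow a short burst and serve it
        # immediately (nodelay); anything beyond burst + rate is answered 429.
        # Applied to every path here; narrow to the API route prefixes of your
        # Dashboard version once you have confirmed them.
        limit_req zone=dashboard burst=20 nodelay;

        proxy_pass http://tekton_dashboard;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Streaming (watch / log follow) responses must not be buffered or
        # cut off by the default 60s read timeout.
        proxy_buffering off;
        proxy_read_timeout 3600s;
    }
}
```

Rejected requests appear in the nginx error log at `warn` level with the zone name, which gives a simple signal to alert on before the Dashboard or the API server shows elevated latency.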
Issues go stale after 90d of inactivity. /lifecycle stale Send feedback to tektoncd/plumbing.
We should document an example for this, I'll try to put something together before end of year.
A few months ago I did an experiment to rewrite the Dashboard back-end entirely (as well as rearchitecting the client, some of which we've already recently adopted in #2452 and related issues). The resulting (partial) rewrite of the app, with the new back-end, is in https://github.com/alangreene/dashboard-next. It includes rate-limiting support among other improvements. There will be some breaking changes in config so it'll have to be introduced in a non-breaking manner over a number of releases. I'll be creating issues in the next few weeks to track the various pieces of this with more details.
Describe the bug
From the Tekton security audit:
Expected behaviour
Environment details