Kubernetes deployment model alignment with documented security concerns

In the [Indexing docs](https://thegraph.com/docs/en/network/indexing/#what-are-some-basic-security-precautions-an-indexer-should-take), it says:

> Firewall - Only the Indexer service needs to be exposed publicly and particular attention should be paid to locking down admin ports and database access: the Graph Node JSON-RPC endpoint (default port: 8030), the Indexer management API endpoint (default port: 18000), and the Postgres database endpoint (default port: 5432) should not be exposed.


The service for the query-node uses a NodePort service across all the endpoints: https://github.com/graphprotocol/indexer/blob/0d106091dd51a3f38c0e5b162befbc3157444d08/k8s/base/query-node/service.yaml#L17-L18

This was done in #493 but not explicitly called out in the PR docs why the ports needed to be added to the externally facing service (changed from LoadBalancer to NodePort).




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Kubernetes deployment model alignment with documented security concerns #639

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	- name: index-node
	port: 8030

Kubernetes deployment model alignment with documented security concerns #639

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions