Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No way to use a different TCP port #20

Open
makkes opened this issue Jan 3, 2025 · 2 comments
Open

No way to use a different TCP port #20

makkes opened this issue Jan 3, 2025 · 2 comments

Comments

@makkes
Copy link

makkes commented Jan 3, 2025

From what I understand the format of the storageAddress in the Secret referenced in TridentBackendConfig.spec.credentials.name only allows to specify a host or IP address but no TCP port. The driver always uses port 8080.

This is a problem in environments where TLS transport encryption is mandatory (which really should be any environment).

One way to mitigate this would be to enforce HTTPS redirection and enable HSTS in the "General Settings" (QuTS hero) as shown here:

Screenshot 2025-01-03 at 7 51 46 PM

But a much better way would be to not have port 8080 open to begin with and be able to tell the CSI driver to use port 443.
This was referenced Jan 3, 2025
Open
Open
@JimmyTanMPM
Copy link
Collaborator

Hi @makkes
In this case, recommend to disable http in General Settings in the mean time http port will be disabled.

@makkes
Copy link
Author

makkes commented Feb 4, 2025

From how I understand the driver, disabling HTTP completely will render the driver useless as it will always try to connect to port 8080. What am I missing here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@makkes @JimmyTanMPM