I haven't seen any more discussion on this topic. It looks like since we
default to enabling SSL/TLS on deployments, there's no reason to block
access to public API endpoints.
On Fri, Nov 13, 2015 at 5:15 PM, Vladimir Kuklin
wrote:
> Adam
>
> I think, the answer is
Adam
I think, the answer is realtively simple - if user does not want to expose
those APIs, he can easily configure his infra to filter this traffic. We
just need to mention this in Ops Guide.
On Fri, Nov 13, 2015 at 4:02 PM, Adam Heczko wrote:
> Hello fuelers,
>
> today
Hello fuelers,
today I'd like to raise a questions about Fuel deployment practice related
to Public (external) network.
Current approach is to expose by default over public IP openstack API
endpoints like nova, cinder, glance, neutron etc. These API services are
exposed through HAProxy with TLS