Feat: Securing the Atlantis UI #1502
Comments
the atlantis webhook
Atlantis recently added a feature that will make it easier to implement this https://www.runatlantis.io/docs/security.html#enable-authentication-on-atlantis-web-server
What would you like to be added:
As a maintainer, I'd like the exposed Services, which are reachable from the web, to be more secure.
Currently the Atlantis website is open to everyone, and everyone is able to hit the button to disable and enable the 'apply commands' directly from the UI.
Initially, I guess, it's OK to work around this with the NGINX whitelist feature.
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
In the long run, it could be wise to integrate it more with Vault, like it currently is with ArgoCD, and so on.
PS: This feature is not fully qualified in its description. One might add more technical details.
Why is this needed:
Since the overall provisioning of the Cluster is about production-grade readiness, an exposed website should not be accessible without some sort of login features.
At least it brings some good feeling for the end-user and decision makers.
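The ingress-nginx workaround mentioned in the issue, sketched as an added example that is not part of the original issue or the project's manifests: the UI is limited to an operator range while the Atlantis webhook path `/events` stays reachable from the VCS provider. The hostname, namespace, Service name and port, and both CIDRs are constructed placeholders.

```yaml
# Added example. Hostname, namespace, Service name/port and all CIDRs are
# constructed placeholders, not values from the project.
# The range check is evaluated against the client address NGINX sees; if a
# load balancer in front rewrites the source address, that address is matched.
---
# UI and every other path: reachable only from the operator network.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: atlantis-ui
  namespace: atlantis
  annotations:
    # Requests from any other source address are rejected by NGINX (HTTP 403).
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: atlantis.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: atlantis
                port:
                  number: 80
---
# Webhook endpoint only: allow the VCS provider's published hook ranges
# (placeholder CIDR below), so pull request events still arrive.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: atlantis-webhook
  namespace: atlantis
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.0.2.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: atlantis.example.com
      http:
        paths:
          - path: /events
            pathType: Exact
            backend:
              service: {name: atlantis, port: {number: 80}}
```

A source-range restriction only narrows who can reach the UI; it does not identify users, so the web-server authentication linked in the comment above remains the control that adds a login.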