Disable console access on internal admin port 11223

- Explicitly state which Infinispan port should be used to connect to the Infinispan console Resolves #1916
infinispan · Jan 8, 2024 · 7baca0c · 7baca0c
1 parent 3d75af8
commit 7baca0c
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/documentation/asciidoc/topics/proc_connecting_console.adoc b/documentation/asciidoc/topics/proc_connecting_console.adoc
@@ -14,3 +14,5 @@ For example, configure a `LoadBalancer` service or create a `Route`.
 * Access the console from any browser at `$HOSTNAME:$PORT`.
 +
 Replace `$HOSTNAME:$PORT` with the network location where {brandname} is available.
+
+NOTE: The {brandname} Console can only be accessed via {k8s} services or an {openshiftshort} `Route` exposing port 11222.
diff --git a/documentation/asciidoc/topics/ref_network_services.adoc b/documentation/asciidoc/topics/ref_network_services.adoc
@@ -16,6 +16,12 @@ Reference information for network services that {ispn_operator} creates and mana
 | TCP
 | Access to {brandname} endpoints within the {k8s} cluster or from an {openshiftshort} `Route`.
 
+| `<cluster_name>-admin`
+| `11223`
+| TCP
+| Access to {brandname} endpoints within the {k8s} cluster for internal {ispn_operator} use. This port utilises a different
+security-realm to port 11222 and should not be accessed by user applications.
+
 | `<cluster_name>-ping`
 | `8888`
 | TCP
@@ -32,3 +38,5 @@ Reference information for network services that {ispn_operator} creates and mana
 | JGroups RELAY2 channel for cross-site communication.
 
 |===
+
+NOTE: The {brandname} Console can only be accessed via {k8s} services or an {openshiftshort} `Route` exposing port 11222.
diff --git a/pkg/templates/templates/infinispan-admin-13.xml b/pkg/templates/templates/infinispan-admin-13.xml
@@ -67,7 +67,7 @@
         </security-realms>
     </security>
     <endpoints>
-        <endpoint socket-binding="admin" security-realm="admin">
+        <endpoint socket-binding="admin" security-realm="admin" admin="false">
             <rest-connector>
                 <authentication mechanisms="BASIC DIGEST"/>
             </rest-connector>

diff --git a/pkg/templates/templates/infinispan-admin-14.xml b/pkg/templates/templates/infinispan-admin-14.xml
@@ -76,7 +76,7 @@
         </security-realms>
     </security>
     <endpoints security-realm="admin">
-        <endpoint socket-binding="admin" security-realm="admin">
+        <endpoint socket-binding="admin" security-realm="admin" admin="false">
             <rest-connector>
                 <authentication mechanisms="BASIC DIGEST"/>
             </rest-connector>