Root server can be disabled with node lifecycle "ignore" "set empty policies"
We can disable the policies for the Rudder Root server, so no new policies will be set, and so new nodes cannot fetch their policies.
We ought to have some kind of limits on what state can be put on the Root Server.
#2 Updated by François ARMAND 8 months ago
- Tags set to Blocking 4.3
- Subject changed from We can ignore or set empty policies for Rudder Root server, which is probably not what we want to Root server can be disabled with node lifecycle "ignore" "set empty policies"
- Assignee set to François ARMAND
In fact, we should not be able to change root server lifecycle at all.
#6 Updated by François ARMAND 8 months ago
I think we should keep the possibility to change lifecycle for other policy servers or Rudder components.
At least, for relay servers, we must have it. We want to be able to keep only system policy on a relay (to make it work as a relay even if a user rule is not correct), or disable it, or whatever.
For Rudder components, it is less clear, but I don't see a real problem with keeping it.