Restrict ports where users connect to repositories
A single Cyral sidecar cluster usually monitors and protects many repositories of different types. To make it easy for data users to connect to these repositories using the port numbers they're accustomed to, the sidecar cluster exposes multiple ports, which are neatly organized in each repo's section of the provided values file.
You can restrict or increase the set of exposed ports by either changing
the exposed ports for each repository or by overriding all ports on the main
service configuration of the
Changing a single repository exposed ports
values.yaml file, you can disable a specific repository, which will make its
defined ports not get exposed in the main service. For example, by default,
mysql section of the
values.yaml file contains this definition:
# ports that are added to the sidecar service
This means that the ports
3308 will be exposed in the
sidecar service. To increase or decrease the ports exposed for
mysql, you can
add or remove ports from the
mysql.sidecar.ports section of the
This is analogous for all repositories, that is, you can change the
section to add or remove specific ports from the exposed list.
If a repository is disabled, that is, the
<repo>.enabled key is set to
none of its ports will be exposed in the service.
Overriding all exposed ports
If you only need to expose a few ports and don't want to go through the trouble of
changing all repository ports, you can use the
service.ports section of the
values.yaml file, which will make the chart ignore repo-specific port definitions
and only expose the ports defined in that section.
The above example makes no port but
5432 be exposed on the service.