i’ve deployed a Rasa X in a kubernetes cluster through the Helm charts and I’ve encountered a security problem and I think i’m doing something wrong. The LoadBalancer service of nginx allows to connect to the Rasa web interface and also to do some rest calls to Rasa Open Source API. The problem is that in this way the rasa open source apis are open to internet without any limitations. The rest apis are only called from internal services I could convert the LoadBalancer to a ClusterIP. The problem of this solution is that I cannot access the Rasa X web interface anymore. How can I:
- keep “rasax-endpoint:8000” open to anyone with the credentials
- limit “rasax-endpoint:8000/webhooks/rest/webhook” to the internal cluster network?