ClientConfig should not default to http://localhost:8080

This changes clientcmd to skip the default cluster, but preserves the
behavior in kubectl. This prevents an administrator misconfiguration in
kubelet or another server component from allowing a third party who can
bind to 8080 on that host to potentially impersonate an API server and
gain root access.
Clayton Coleman
2016-08-17 16:09:04 -04:00
parent 3ccb99d87d
commit 06cbb29e9e
6 changed files with 50 additions and 15 deletions


@@ -27,10 +27,12 @@ import (
// ConfigOverrides holds values that should override whatever information is pulled from the actual Config object. You can't
// simply use an actual Config object, because Configs hold maps, but overrides are restricted to "at most one"
type ConfigOverrides struct {
AuthInfo clientcmdapi.AuthInfo
ClusterInfo clientcmdapi.Cluster
Context clientcmdapi.Context
CurrentContext string
AuthInfo clientcmdapi.AuthInfo
// ClusterDefaults are applied before the configured cluster info is loaded.
ClusterDefaults clientcmdapi.Cluster
ClusterInfo clientcmdapi.Cluster
Context clientcmdapi.Context
CurrentContext string
}
// ConfigOverrideFlags holds the flag names to be used for binding command line flags. Notice that this structure tightly