github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ClientConfig should not default to http://localhost:8080

Browse Source 
This changes clientcmd to skip the default cluster, but preserves the
behavior in kubectl. This prevents the possibility of an administrator
misconfiguration in kubelet or other server component from allowing a
third party who can bind to 8080 on that host from potentially
impersonating an API server and gaining root access.
This commit is contained in:
Clayton Coleman
2016-08-17 16:09:04 -04:00
parent 3ccb99d87d
commit 06cbb29e9e
6 changed files with 50 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugin/pkg/admission/imagepolicy/admission_test.go
View File

@@ -115,7 +115,7 @@ users:
client-certificate: {{ .Cert }}
client-key: {{ .Key }}
`,
wantErr: false,
wantErr: true,
},
{
msg: "multiple clusters with no context",
@@ -135,7 +135,7 @@ users:
client-certificate: {{ .Cert }}
client-key: {{ .Key }}
`,
wantErr: false,
wantErr: true,
},
{
msg: "multiple clusters with a context",

4
plugin/pkg/auth/authorizer/webhook/webhook_test.go
View File

@@ -89,7 +89,7 @@ users:
client-certificate: {{ .Cert }}
client-key: {{ .Key }}
`,
wantErr: false,
wantErr: true,
},
{
msg: "multiple clusters with no context",
@@ -109,7 +109,7 @@ users:
client-certificate: {{ .Cert }}
client-key: {{ .Key }}
`,
wantErr: false,
wantErr: true,
},
{
msg: "multiple clusters with a context",