Merge pull request #97934 from mattcary/loopback-upstream

Disallow local loopback for volume hosts
2021-01-27 01:13:40 -08:00
parent 5310e4f30e 9a7dcd36c1
commit de4d771d3b
1 changed files with 1 additions and 0 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1999,6 +1999,7 @@ function start-kube-controller-manager {
  params+=("--kubeconfig=${config_path}" "--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}")
  params+=("--root-ca-file=${CA_CERT_BUNDLE_PATH}")
  params+=("--service-account-private-key-file=${SERVICEACCOUNT_KEY_PATH}")
+  params+=("--volume-host-allow-local-loopback=false")
  if [[ -n "${ENABLE_GARBAGE_COLLECTOR:-}" ]]; then
    params+=("--enable-garbage-collector=${ENABLE_GARBAGE_COLLECTOR}")
  fi