Adds filtering of hosts to DialContexts.

The provided DialContext wraps existing clients' DialContext in an attempt to preserve any existing timeout configuration. In some cases, we may replace infinite timeouts with golang defaults. - scaleio: tcp connect/keepalive values changed from 0/15 to 30/30 - storageos: no change
2020-06-09 21:30:40 +00:00
parent 74dbf274d9
commit f2e23afcf1
41 changed files with 346 additions and 65 deletions
--- a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go
+++ b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go
@@ -471,6 +471,12 @@ type PersistentVolumeBinderControllerConfiguration struct {
 	PVClaimBinderSyncPeriod metav1.Duration
 	// volumeConfiguration holds configuration for volume related features.
 	VolumeConfiguration VolumeConfiguration
+	// VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the
+	// controller from plugins.
+	VolumeHostCIDRDenylist []string
+	// VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc)
+	// should be allowed from plugins.
+	VolumeHostAllowLocalLoopback *bool
 }

 // PodGCControllerConfiguration contains elements describing PodGCController.
--- a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go
@@ -442,6 +442,16 @@ func (in *PersistentVolumeBinderControllerConfiguration) DeepCopyInto(out *Persi
 	*out = *in
 	out.PVClaimBinderSyncPeriod = in.PVClaimBinderSyncPeriod
 	in.VolumeConfiguration.DeepCopyInto(&out.VolumeConfiguration)
+	if in.VolumeHostCIDRDenylist != nil {
+		in, out := &in.VolumeHostCIDRDenylist, &out.VolumeHostCIDRDenylist
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.VolumeHostAllowLocalLoopback != nil {
+		in, out := &in.VolumeHostAllowLocalLoopback, &out.VolumeHostAllowLocalLoopback
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/staging/src/k8s.io/mount-utils/BUILD
+++ b/staging/src/k8s.io/mount-utils/BUILD
@@ -35,9 +35,6 @@ go_library(
        "@io_bazel_rules_go//go/platform:freebsd": [
            "//vendor/k8s.io/utils/io:go_default_library",
        ],
-        "@io_bazel_rules_go//go/platform:illumos": [
-            "//vendor/k8s.io/utils/io:go_default_library",
-        ],
        "@io_bazel_rules_go//go/platform:ios": [
            "//vendor/k8s.io/utils/io:go_default_library",
        ],