github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2e4947ec3caa9b5a448eec828849041ac73bf869
kubernetes/pkg
History
Kubernetes Submit Queue a5c46303a2 Merge pull request #57265 from brendandburns/svc-proxy 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

By default block service proxy to external IP addresses.

**What this PR does / why we need it**:
Currently, the Service Proxy on the APIServer allows unrestricted access to any IP address that the APIServer machine can reach. This is likely undesirable in many cases.

Update the service proxy so that it filters Endpoints to only those that have a TargetRef that matches a known Pod.

Fixes https://github.com/kubernetes/kubernetes/issues/58761

**Release note**:
```release-note
By default disable access to external IP addresses from the apiserver service proxy.
```
2018-01-24 13:15:10 -08:00
..
api
Merge pull request #57059 from ericchiang/client-go/remove-openapi-import
2018-01-12 01:26:16 -08:00
apis
auto generated code
2018-01-16 12:34:31 +08:00
auth
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
capabilities
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
client
run update code-gen
2018-01-24 16:45:23 +08:00
cloudprovider
Merge pull request #58674 from bowei/cp-expose
2018-01-23 10:27:41 -08:00
controller
Merge pull request #57680 from hzxuzhonghu/volume-expand
2018-01-23 22:33:34 -08:00
credentialprovider
Better check for GCE VM
2018-01-17 18:35:51 -05:00
features
By default block service proxy to external IP addresses.
2018-01-24 04:13:15 +00:00
fieldpath
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
generated
generated
2018-01-23 14:11:49 -05:00
kubeapiserver
Merge pull request #58595 from CaoShuFeng/LimitPodHardAntiAffinityTopology
2018-01-23 09:18:30 -08:00
kubectl
Merge pull request #56206 from brancz/top-metrics-s
2018-01-23 13:17:31 -08:00
kubelet
Merge pull request #45442 from verb/pod-tshoot-1
2018-01-24 11:48:49 -08:00
kubemark
Move ungated 'alpha' KubeletConfiguration fields and self-registration fields to KubeletFlags
2017-11-15 17:47:10 -08:00
master
Remove unused code in UT files in pkg/
2018-01-15 16:02:35 +08:00
printers
Show all the annotations in ingress rules
2018-01-19 14:13:17 -03:00
probe
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
proxy
Merge pull request #57942 from m1093782566/localhost-masq
2018-01-19 20:00:36 -08:00
quota
Merge pull request #50286 from Pingan2017/modify0808
2018-01-15 11:35:03 -08:00
registry
By default block service proxy to external IP addresses.
2018-01-24 04:13:15 +00:00
routes
Update Dashboard add-on to version 1.8.0
2017-11-28 17:53:02 +01:00
scheduler
Add better event handling for deleted Pods
2018-01-23 12:03:35 -08:00
security
Remove unused code in UT files in pkg/
2018-01-15 16:02:35 +08:00
securitycontext
pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests.
2018-01-08 15:46:39 +01:00
serviceaccount
Remove unused code in UT files in pkg/
2018-01-15 16:02:35 +08:00
ssh
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
util
Merge pull request #58284 from mfojtik/findmnt-out
2018-01-18 13:11:30 -08:00
version
All Kubelet flags should be explicitly registered
2018-01-09 17:37:34 -08:00
volume
Merge pull request #58549 from dims/backup-default-location-for-cloud-config
2018-01-23 05:01:31 -08:00
watch
update BUILD files
2017-10-15 18:18:13 -07:00
.import-restrictions
Add import-boss directives
2017-10-13 07:06:22 -04:00
BUILD
create auto-gen files
2018-01-17 16:23:03 +08:00
OWNERS