github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8bed088224fb38b41255b37e59a1701caefa171b
kubernetes/pkg
History
Casey Callendrello 8bed088224 kubelet: block non-forwarded packets from crossing the localhost boundary 
We set route_localnet so that host-network processes can connect to
<127.0.0.1:NodePort> and it still works. This, however, is too
permissive.

So, block martians that are not already in conntrack.

See: #90259
Signed-off-by: Casey Callendrello <cdc@redhat.com>
2020-05-29 17:35:50 +02:00
..
api
Merge pull request #88385 from tallclair/node-reviews
2020-05-24 20:23:11 -07:00
apis
Merge pull request #88385 from tallclair/node-reviews
2020-05-24 20:23:11 -07:00
auth
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
capabilities
Same as defaulting allow-privileged to true
2019-05-21 08:51:16 -04:00
client
Merge pull request #88385 from tallclair/node-reviews
2020-05-24 20:23:11 -07:00
cloudprovider
convert .import-restrictions to yaml
2020-04-28 08:41:36 -07:00
controller
Merge pull request #91180 from PengJi/fix_golint_failures
2020-05-25 06:27:12 -07:00
credentialprovider
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
features
Mark the server-side dry-run feature as GA
2020-05-05 17:13:24 -04:00
fieldpath
Fix return value for ExtractFieldPathAsString
2019-06-04 11:52:26 +08:00
generated
Merge pull request #80125 from sttts/sttts-bazel-openapi-fix
2019-07-19 14:25:50 -07:00
kubeapiserver
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
kubectl
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
kubelet
kubelet: block non-forwarded packets from crossing the localhost boundary
2020-05-29 17:35:50 +02:00
kubemark
Merge pull request #90494 from knabben/kubelet-provider
2020-05-26 19:12:42 -07:00
master
Merge pull request #88385 from tallclair/node-reviews
2020-05-24 20:23:11 -07:00
printers
If firstTimestamp is not set use eventTime when printing event
2020-04-09 11:21:36 +02:00
probe
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
proxy
proxier/ipvs: remove redundant length check for node addresses
2020-05-28 11:48:48 -04:00
quota
don't quota virtual resources by default
2020-03-17 15:10:23 -04:00
registry
Merge pull request #88385 from tallclair/node-reviews
2020-05-24 20:23:11 -07:00
routes
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
scheduler
Merge pull request #91448 from RainbowMango/pr_fix_metric_naming
2020-05-28 16:38:02 -07:00
security
move apparmor annotation constants to k8s.io/api/core/v1
2020-04-06 10:22:04 -04:00
securitycontext
set proper file permission for projected service account volume
2020-05-04 18:25:23 -07:00
serviceaccount
Restrict service account token metrics to kube-apiserver only.
2020-05-21 15:34:57 -07:00
ssh
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
util
Merge pull request #90316 from tangcong/fix-ipvs-staticheck-err
2020-05-19 20:34:32 -07:00
volume
Merge pull request #90985 from mrobson/iscsi-nodescan-manual
2020-05-20 16:45:15 -07:00
watch/json
Add API for watch bookmarks
2019-04-15 09:45:04 +02:00
windows/service
Run hack/update-vendor.sh
2020-05-16 07:54:33 -04:00
.import-restrictions
cmd/api/testing no longer overrides pkg's rules
2020-04-28 08:46:49 -07:00
BUILD
Moving leaderelectionconfig to k8s.io/component-base
2020-05-15 09:08:20 -07:00
OWNERS
Updated OWNERS files to include link to docs
2019-02-04 22:33:12 +01:00