github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 19:23:40 +00:00
Code Issues Projects Releases Wiki Activity

Fix regex's and redirect port

Browse Source
This commit is contained in:
Isaac Hollander McCreery 2017-08-30 11:27:50 -07:00
parent 86c0579ee5
commit 6f4ee0d2aa
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
View File

@ -20,6 +20,8 @@ data:
access_log /dev/stdout; access_log /dev/stdout;
server { server {
listen 127.0.0.1:988; listen 127.0.0.1:988;
# When serving 301s, don't redirect to port 988.
port_in_redirect off;
# By default, return 403. This protects us from new API versions. # By default, return 403. This protects us from new API versions.
location / { location / {
@ -28,13 +30,13 @@ data:
# Allow for REST discovery. # Allow for REST discovery.
location = / { location = / {
if ($args ~* "recursive") { if ($args ~* "^(.+&)?recursive=") {
return 403 "?recursive calls are not allowed by the metadata proxy."; return 403 "?recursive calls are not allowed by the metadata proxy.";
} }
proxy_pass http://169.254.169.254; proxy_pass http://169.254.169.254;
} }
location = /computeMetadata/ { location = /computeMetadata/ {
if ($args ~* "recursive") { if ($args ~* "^(.+&)?recursive=") {
return 403 "?recursive calls are not allowed by the metadata proxy."; return 403 "?recursive calls are not allowed by the metadata proxy.";
} }
proxy_pass http://169.254.169.254; proxy_pass http://169.254.169.254;
@ -42,19 +44,19 @@ data:
# By default, allow the v0.1, v1beta1, and v1 APIs. # By default, allow the v0.1, v1beta1, and v1 APIs.
location /0.1/ { location /0.1/ {
if ($args ~* "recursive") { if ($args ~* "^(.+&)?recursive=") {
return 403 "?recursive calls are not allowed by the metadata proxy."; return 403 "?recursive calls are not allowed by the metadata proxy.";
} }
proxy_pass http://169.254.169.254; proxy_pass http://169.254.169.254;
} }
location /computeMetadata/v1beta1/ { location /computeMetadata/v1beta1/ {
if ($args ~* "recursive") { if ($args ~* "^(.+&)?recursive=") {
return 403 "?recursive calls are not allowed by the metadata proxy."; return 403 "?recursive calls are not allowed by the metadata proxy.";
} }
proxy_pass http://169.254.169.254; proxy_pass http://169.254.169.254;
} }
location /computeMetadata/v1/ { location /computeMetadata/v1/ {
if ($args ~* "recursive") { if ($args ~* "^(.+&)?recursive=") {
return 403 "?recursive calls are not allowed by the metadata proxy."; return 403 "?recursive calls are not allowed by the metadata proxy.";
} }
proxy_pass http://169.254.169.254; proxy_pass http://169.254.169.254;