Merge pull request #9287 from brendandburns/kubectl

Add some XSRF protection to kubectl proxy.
Abhi Shah
2015-06-12 13:51:08 -07:00
6 changed files with 285 additions and 6 deletions

@@ -40,9 +40,14 @@ $ kubectl proxy --api-prefix=/k8s-api
### Options
```
--accept-hosts="^localhost$,^127\\.0\\.0\\.1$,^\\[::1\\]$": Regular expression for hosts that the proxy should accept.
--accept-paths="^/api/.*": Regular expression for paths that the proxy should accept.
--api-prefix="/api/": Prefix to serve the proxied API under.
--disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks. Use with caution.
-h, --help=false: help for proxy
-p, --port=8001: The port on which to run the proxy.
--reject-methods="POST,PUT,PATCH": Regular expression for HTTP methods that the proxy should reject.
--reject-paths="^/api/.*/exec,^/api/.*/run": Regular expression for paths that the proxy should reject.
-w, --www="": Also serve static files from the given directory under the specified prefix.
-P, --www-prefix="/static/": Prefix to serve static files under, if static file directory is specified.
```
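Review bot: The `--reject-methods` default of "POST,PUT,PATCH" leaves DELETE unfiltered, and the help text calls the value a regular expression although it is a comma-separated list of unanchored patterns. Consider adding DELETE to the default, anchoring each entry the way `--accept-hosts` does (for example `^POST$`), and describing all four filter flags as a comma-separated list of regular expressions. The option text should also state which rule wins when a request matches both an accept pattern and a reject pattern.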
@@ -79,6 +84,6 @@ $ kubectl proxy --api-prefix=/k8s-api
### SEE ALSO
* [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager
###### Auto generated by spf13/cobra at 2015-06-05 21:08:36.513099878 +0000 UTC
###### Auto generated by spf13/cobra at 2015-06-11 03:49:29.837564354 +0000 UTC
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/kubectl_proxy.md?pixel)]()
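Review bot: The only change in this hunk is the "Auto generated by spf13/cobra at ..." line moving from the 2015-06-05 timestamp to the 2015-06-11 one, so every regeneration of the docs produces a diff here even when nothing else changed. Consider dropping the timestamp from the generated footer so that doc diffs only show real option changes.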

@@ -38,10 +38,22 @@ The above lets you 'curl localhost:8001/custom/api/v1/pods'
.SH OPTIONS
.PP
\fB\-\-accept\-hosts\fP="^localhost$,^127\\.0\\.0\\.1$,^\\[::1\\]$"
Regular expression for hosts that the proxy should accept.
.PP
\fB\-\-accept\-paths\fP="^/api/.*"
Regular expression for paths that the proxy should accept.
.PP
\fB\-\-api\-prefix\fP="/api/"
Prefix to serve the proxied API under.
.PP
\fB\-\-disable\-filter\fP=false
If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks. Use with caution.
.PP
\fB\-h\fP, \fB\-\-help\fP=false
help for proxy
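Review bot: The `--accept-paths` default "^/api/.*" is documented next to a configurable `--api-prefix`, and the example just above this section serves the API under /custom/api, but nothing here says whether the path filters are matched against the incoming request path or against the path after the prefix is rewritten. Please document that in the `--accept-paths` and `--api-prefix` entries, and say what a user who changes the prefix must change in the accept and reject patterns; otherwise a custom prefix may either block every request or push users toward `--disable-filter`.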
@@ -50,6 +62,14 @@ The above lets you 'curl localhost:8001/custom/api/v1/pods'
\fB\-p\fP, \fB\-\-port\fP=8001
The port on which to run the proxy.
.PP
\fB\-\-reject\-methods\fP="POST,PUT,PATCH"
Regular expression for HTTP methods that the proxy should reject.
.PP
\fB\-\-reject\-paths\fP="^/api/.\fI/exec,^/api/.\fP/run"
Regular expression for paths that the proxy should reject.
.PP
\fB\-w\fP, \fB\-\-www\fP=""
Also serve static files from the given directory under the specified prefix.
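Review bot: The `--reject-paths` default in this man page reads "^/api/.\fI/exec,^/api/.\fP/run": the two `*` characters were consumed as italic markers (`\fI` ... `\fP`), so the rendered page shows a pattern without `.*`, which differs from the markdown help ("^/api/.*/exec,^/api/.*/run"). Escape the asterisks in the man page generator or its input so that the documented default of a security filter matches the real one.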