Merge pull request #9287 from brendandburns/kubectl

Add some XSRF protection to kubectl proxy.

docs/man/man1/kubectl-proxy.1

@@ -38,10 +38,22 @@ The above lets you 'curl localhost:8001/custom/api/v1/pods'
 
 
 .SH OPTIONS
+.PP
+\fB\-\-accept\-hosts\fP="^localhost$,^127\\.0\\.0\\.1$,^\\[::1\\]$"
+    Regular expression for hosts that the proxy should accept.
+
+.PP
+\fB\-\-accept\-paths\fP="^/api/.*"
+    Regular expression for paths that the proxy should accept.
+
 .PP
 \fB\-\-api\-prefix\fP="/api/"
     Prefix to serve the proxied API under.
 
+.PP
+\fB\-\-disable\-filter\fP=false
+    If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks.  Use with caution.
+
 .PP
 \fB\-h\fP, \fB\-\-help\fP=false
     help for proxy
@@ -50,6 +62,14 @@ The above lets you 'curl localhost:8001/custom/api/v1/pods'
 \fB\-p\fP, \fB\-\-port\fP=8001
     The port on which to run the proxy.
 
+.PP
+\fB\-\-reject\-methods\fP="POST,PUT,PATCH"
+    Regular expression for HTTP methods that the proxy should reject.
+
+.PP
+\fB\-\-reject\-paths\fP="^/api/.\fI/exec,^/api/.\fP/run"
+    Regular expression for paths that the proxy should reject.
+
 .PP
 \fB\-w\fP, \fB\-\-www\fP=""
     Also serve static files from the given directory under the specified prefix.