github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 10:19:50 +00:00
Code Issues Projects Releases Wiki Activity

Disallow local loopback for volume hosts

Browse Source 
Change-Id: Ic356c3f859057153cfad97327f1938792a1a512c
This commit is contained in:
Matthew Cary 2021-01-11 15:17:25 -08:00
parent 4fc184f383
commit 9a7dcd36c1
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/gce/gci/configure-helper.sh
View File

@ -1999,6 +1999,7 @@ function start-kube-controller-manager {
params+=("--kubeconfig=${config_path}" "--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}") params+=("--kubeconfig=${config_path}" "--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}")
params+=("--root-ca-file=${CA_CERT_BUNDLE_PATH}") params+=("--root-ca-file=${CA_CERT_BUNDLE_PATH}")
params+=("--service-account-private-key-file=${SERVICEACCOUNT_KEY_PATH}") params+=("--service-account-private-key-file=${SERVICEACCOUNT_KEY_PATH}")
params+=("--volume-host-allow-local-loopback=false")
if [[ -n "${ENABLE_GARBAGE_COLLECTOR:-}" ]]; then if [[ -n "${ENABLE_GARBAGE_COLLECTOR:-}" ]]; then
params+=("--enable-garbage-collector=${ENABLE_GARBAGE_COLLECTOR}") params+=("--enable-garbage-collector=${ENABLE_GARBAGE_COLLECTOR}")
fi fi