github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 23:47:50 +00:00
Code Issues Projects Releases Wiki Activity

kube-proxy: add a flag to disables the allowing NodePort services to be accessed via localhost

Browse Source
This commit is contained in:
cyclinder
2022-11-02 16:17:52 +08:00
parent ccf57ba09d
commit bef2070031
18 changed files with 578 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/kube-proxy/app/server_test.go
View File

@@ -107,6 +107,7 @@ iptables:
masqueradeBit: 17
minSyncPeriod: 10s
syncPeriod: 60s
localhostNodePorts: true
ipvs:
minSyncPeriod: 10s
syncPeriod: 60s
@@ -246,10 +247,11 @@ nodePortAddresses:
HealthzBindAddress: tc.healthzBindAddress,
HostnameOverride: "foo",
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
MasqueradeAll: true,
MasqueradeBit: pointer.Int32(17),
MinSyncPeriod: metav1.Duration{Duration: 10 * time.Second},
SyncPeriod: metav1.Duration{Duration: 60 * time.Second},
MasqueradeAll: true,
MasqueradeBit: pointer.Int32(17),
LocalhostNodePorts: pointer.Bool(true),
MinSyncPeriod: metav1.Duration{Duration: 10 * time.Second},
SyncPeriod: metav1.Duration{Duration: 60 * time.Second},
},
IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
MinSyncPeriod: metav1.Duration{Duration: 10 * time.Second},