Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict access to the kube-proxy to local pod connections only #525

Merged
merged 1 commit into from
Mar 14, 2024
Merged

Restrict access to the kube-proxy to local pod connections only #525

merged 1 commit into from
Mar 14, 2024

Conversation

donatwork
Copy link
Contributor

@donatwork donatwork commented Mar 14, 2024
edited by jooseppi-luna
Loading

Description

Previously merged to main via PR 516
This PR restricts the access of the kube-proxy port to only connections within the client pod.

GitHub Issues

List the GitHub issues impacted by this PR:

GitHub Issue #
1029
1189

Checklist:

  • I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
  • I have verified that new and existing unit tests pass locally with my changes
  • I have not allowed coverage numbers to degenerate
  • I have maintained at least 90% code coverage
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have maintained backward compatibility

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

  1. Deployed the client and validated that the access to the proxy from outside the pod, within the cluster is blocked. The service is not exported outside the cluster.

jooseppi-luna
jooseppi-luna approved these changes Mar 14, 2024
View reviewed changes
Copy link
Contributor

@jooseppi-luna jooseppi-luna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thank you!

abhi16394
abhi16394 reviewed Mar 14, 2024
View reviewed changes
Copy link
Collaborator

@abhi16394 abhi16394 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@donatwork linters checks are failing
Could you check that

@donatwork
Copy link
Contributor Author

donatwork commented Mar 14, 2024
edited
Loading

@donatwork linters checks are failing Could you check that

I made no changes to the Go code. The base branch previously had linter errors. Those were fixed in main.

@jooseppi-luna jooseppi-luna requested a review from abhi16394 March 14, 2024 18:33
abhi16394
abhi16394 approved these changes Mar 14, 2024
View reviewed changes
Copy link
Collaborator

@abhi16394 abhi16394 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@donatwork donatwork merged commit c715d99 into release-v1.4.4 Mar 14, 2024
7 of 8 checks passed
@donatwork donatwork deleted the bug-1029-anc-perms branch March 14, 2024 18:36
@donatwork donatwork mentioned this pull request Mar 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jooseppi-luna jooseppi-luna jooseppi-luna approved these changes

@abhi16394 abhi16394 abhi16394 approved these changes

@mbasha-dell mbasha-dell Awaiting requested review from mbasha-dell

@alikdell alikdell Awaiting requested review from alikdell

@bharathsreekanth bharathsreekanth Awaiting requested review from bharathsreekanth

@chimanjain chimanjain Awaiting requested review from chimanjain

@coulof coulof Awaiting requested review from coulof

@Deepak-Ghivari Deepak-Ghivari Awaiting requested review from Deepak-Ghivari

@gallacher gallacher Awaiting requested review from gallacher

@HarishH-DELL HarishH-DELL Awaiting requested review from HarishH-DELL

@JacobGros JacobGros Awaiting requested review from JacobGros

@karthikk92 karthikk92 Awaiting requested review from karthikk92

@kumarkgosa kumarkgosa Awaiting requested review from kumarkgosa

@bandak2 bandak2 Awaiting requested review from bandak2

@mjsdell mjsdell Awaiting requested review from mjsdell

@nitesh3108 nitesh3108 Awaiting requested review from nitesh3108

@Prabhu-Dell Prabhu-Dell Awaiting requested review from Prabhu-Dell

@rajendraindukuri rajendraindukuri Awaiting requested review from rajendraindukuri

@rajkumar-palani rajkumar-palani Awaiting requested review from rajkumar-palani

@shefali-malhotra shefali-malhotra Awaiting requested review from shefali-malhotra

@panigs7 panigs7 Awaiting requested review from panigs7

@tdawe tdawe Awaiting requested review from tdawe

@shaynafinocchiaro shaynafinocchiaro Awaiting requested review from shaynafinocchiaro

@atye atye Awaiting requested review from atye

@sharmilarama sharmilarama Awaiting requested review from sharmilarama

@shanmydell shanmydell Awaiting requested review from shanmydell

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@donatwork @jooseppi-luna @abhi16394