1
0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00

kube-auth-proxy: accept only target cluster hostname

Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
This commit is contained in:
Jari Kolehmainen 2020-11-18 22:02:20 +02:00
parent 3197e3a1fe
commit 025c4d0593

View File

@ -4,6 +4,7 @@ import { broadcastIpc } from "../common/ipc";
import type { Cluster } from "./cluster" import type { Cluster } from "./cluster"
import { Kubectl } from "./kubectl" import { Kubectl } from "./kubectl"
import logger from "./logger" import logger from "./logger"
import * as url from "url"
export interface KubeAuthProxyLog { export interface KubeAuthProxyLog {
data: string; data: string;
@ -30,13 +31,14 @@ export class KubeAuthProxy {
if (this.proxyProcess) { if (this.proxyProcess) {
return; return;
} }
const clusterUrl = url.parse(this.cluster.apiUrl);
const proxyBin = await this.kubectl.getPath() const proxyBin = await this.kubectl.getPath()
const args = [ const args = [
"proxy", "proxy",
"-p", `${this.port}`, "-p", `${this.port}`,
"--kubeconfig", `${this.cluster.kubeConfigPath}`, "--kubeconfig", `${this.cluster.kubeConfigPath}`,
"--context", `${this.cluster.contextName}`, "--context", `${this.cluster.contextName}`,
"--accept-hosts", ".*", "--accept-hosts", clusterUrl.hostname,
"--reject-paths", "^[^/]" "--reject-paths", "^[^/]"
] ]
if (process.env.DEBUG_PROXY === "true") { if (process.env.DEBUG_PROXY === "true") {