hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

kube-auth-proxy: accept only target cluster hostname (#1466)

Browse Source 
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>

Co-authored-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
This commit is contained in:
Lauri Nevala 2020-11-20 13:04:40 +02:00 committed by GitHub
parent 6a815edecd
commit 0eeb53aa2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/kube-auth-proxy.ts
View File

@ -4,6 +4,7 @@ import { broadcastIpc } from "../common/ipc";
import type { Cluster } from "./cluster"
import { bundledKubectl, Kubectl } from "./kubectl"
import logger from "./logger"
import * as url from "url"
export interface KubeAuthProxyLog {
data: string;
@ -26,17 +27,22 @@ export class KubeAuthProxy {
this.kubectl = bundledKubectl
}
get acceptHosts() {
return url.parse(this.cluster.apiUrl).hostname;
}
public async run(): Promise<void> {
if (this.proxyProcess) {
return;
}
const proxyBin = await this.kubectl.getPath()
const args = [
"proxy",
"-p", `${this.port}`,
"--kubeconfig", `${this.cluster.kubeConfigPath}`,
"--context", `${this.cluster.contextName}`,
"--accept-hosts", ".*",
"--accept-hosts", this.acceptHosts,
"--reject-paths", "^[^/]"
]
if (process.env.DEBUG_PROXY === "true") {