kube-auth-proxy: accept only target cluster hostname (#1433)

Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
2025-05-20 05:10:56 +00:00 · 2020-11-19 08:32:07 +02:00 · 2020-11-19 08:32:07 +02:00 · aa09f13d8b
commit aa09f13d8b
parent 5d077b0bb4
1 changed files with 7 additions and 1 deletions
--- a/src/main/kube-auth-proxy.ts
+++ b/src/main/kube-auth-proxy.ts
@ -4,6 +4,7 @@ import { broadcastIpc } from "../common/ipc";
 import type { Cluster } from "./cluster"
 import { bundledKubectl, Kubectl } from "./kubectl"
 import logger from "./logger"
+import * as url from "url"

 export interface KubeAuthProxyLog {
  data: string;
@ -26,17 +27,22 @@ export class KubeAuthProxy {
    this.kubectl = bundledKubectl
  }

+  get acceptHosts() {
+    return url.parse(this.cluster.apiUrl).hostname;
+  }
+
  public async run(): Promise<void> {
    if (this.proxyProcess) {
      return;
    }
+
    const proxyBin = await this.kubectl.getPath()
    const args = [
      "proxy",
      "-p", `${this.port}`,
      "--kubeconfig", `${this.cluster.kubeConfigPath}`,
      "--context", `${this.cluster.contextName}`,
-      "--accept-hosts", ".*",
+      "--accept-hosts", this.acceptHosts,
      "--reject-paths", "^[^/]"
    ]
    if (process.env.DEBUG_PROXY === "true") {