apiserver-network-proxy icon indicating copy to clipboard operation
apiserver-network-proxy copied to clipboard
verified publisher icon kubernetes-sigs

Insecure run modes should be either not possible or explicitly opted in to

Open mikedanese opened this issue 5 years ago • 2 comments

Right now, network proxy server supports three auth modes (if I read https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/2fdb1a46954b1e99af989b037e543751eae49fe0/cmd/server/main.go correctly).

  1. TLS Client auth
  2. Service account token auth
  3. None

The third mode should be ideally removed. If it is absolutely needed, it should be explicitly opted into via an e.g. --insecure-no-client-auth flag.

mikedanese avatar Dec 11 '20 03:12 mikedanese

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

fejta-bot avatar Mar 11 '21 04:03 fejta-bot

/lifecycle frozen

cheftako avatar Mar 11 '21 22:03 cheftako