Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not risk exposing unauthenticated webhook port on container #4681

Closed
wants to merge 1 commit into from
Closed

Do not risk exposing unauthenticated webhook port on container #4681

wants to merge 1 commit into from

Conversation

kimsondrup
Copy link
Contributor

@kimsondrup kimsondrup commented Aug 15, 2024
edited
Loading

Do not expose unauthenticated webhook port on the webhook container to the cluster

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 15, 2024
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Aug 15, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @kimsondrup. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Aug 15, 2024
@kimsondrup kimsondrup mentioned this pull request Aug 15, 2024
Merged
@kimsondrup kimsondrup force-pushed the webhook-protect-port branch from 2d5a725 to e493c0a Compare August 15, 2024 10:24
@kimsondrup kimsondrup changed the title Do not expose unprotected webhook port on container Security: Do not expose unprotected webhook port on container Aug 15, 2024
@kimsondrup kimsondrup force-pushed the webhook-protect-port branch 3 times, most recently from 455c887 to ee76335 Compare August 15, 2024 13:22
@kimsondrup kimsondrup changed the title Security: Do not expose unprotected webhook port on container Security: Do not expose unauthenticated webhook port on container Aug 15, 2024
@kimsondrup kimsondrup force-pushed the webhook-protect-port branch from ee76335 to dfc1056 Compare August 15, 2024 13:33
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign stevehipwell for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kimsondrup kimsondrup force-pushed the webhook-protect-port branch from dfc1056 to 74b3430 Compare August 15, 2024 13:48
@kimsondrup kimsondrup changed the title Security: Do not expose unauthenticated webhook port on container Do not expose unauthenticated webhook port on container Aug 15, 2024
@kimsondrup kimsondrup changed the title Do not expose unauthenticated webhook port on container Do not risk exposing unauthenticated webhook port on container Aug 15, 2024
@kimsondrup kimsondrup force-pushed the webhook-protect-port branch 2 times, most recently from 693c3c7 to 27a7863 Compare August 15, 2024 14:03
@kimsondrup kimsondrup force-pushed the webhook-protect-port branch from 27a7863 to bd56612 Compare August 15, 2024 14:41
@kimsondrup kimsondrup closed this Aug 15, 2024
@kimsondrup
Copy link
Contributor Author

I realised my mistake

@kimsondrup kimsondrup deleted the webhook-protect-port branch August 15, 2024 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mloiseleur mloiseleur Awaiting requested review from mloiseleur

@szuecs szuecs Awaiting requested review from szuecs

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kimsondrup @k8s-ci-robot