Replace godep with dep
This commit is contained in:
Manuel de Brito Fontes
parent
1e7489927c
commit
bf5616c65b
14883 changed files with 3937406 additions and 361781 deletions
88
vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
generated
vendored
Normal file
88
vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
generated
vendored
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: metadata-proxy-config
|
||||
namespace: kube-system
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: EnsureExists
|
||||
data:
|
||||
nginx.conf: |-
|
||||
user www-data;
|
||||
worker_processes 4;
|
||||
pid /run/nginx.pid;
|
||||
error_log /dev/stdout;
|
||||
|
||||
events {
|
||||
worker_connections 20;
|
||||
}
|
||||
|
||||
http {
|
||||
access_log /dev/stdout;
|
||||
server {
|
||||
listen 127.0.0.1:988;
|
||||
# When serving 301s, don't redirect to port 988.
|
||||
port_in_redirect off;
|
||||
|
||||
# By default, return 403. This protects us from new API versions.
|
||||
location / {
|
||||
return 403 "This metadata API is not allowed by the metadata proxy.";
|
||||
}
|
||||
|
||||
# Allow for REST discovery.
|
||||
location = / {
|
||||
if ($args ~* "^(.+&)?recursive=") {
|
||||
return 403 "?recursive calls are not allowed by the metadata proxy.";
|
||||
}
|
||||
proxy_pass http://169.254.169.254;
|
||||
}
|
||||
location = /computeMetadata/ {
|
||||
if ($args ~* "^(.+&)?recursive=") {
|
||||
return 403 "?recursive calls are not allowed by the metadata proxy.";
|
||||
}
|
||||
proxy_pass http://169.254.169.254;
|
||||
}
|
||||
|
||||
# By default, allow the v0.1, v1beta1, and v1 APIs.
|
||||
location /0.1/ {
|
||||
if ($args ~* "^(.+&)?recursive=") {
|
||||
return 403 "?recursive calls are not allowed by the metadata proxy.";
|
||||
}
|
||||
proxy_pass http://169.254.169.254;
|
||||
}
|
||||
location /computeMetadata/v1beta1/ {
|
||||
if ($args ~* "^(.+&)?recursive=") {
|
||||
return 403 "?recursive calls are not allowed by the metadata proxy.";
|
||||
}
|
||||
proxy_pass http://169.254.169.254;
|
||||
}
|
||||
location /computeMetadata/v1/ {
|
||||
if ($args ~* "^(.+&)?recursive=") {
|
||||
return 403 "?recursive calls are not allowed by the metadata proxy.";
|
||||
}
|
||||
proxy_pass http://169.254.169.254;
|
||||
}
|
||||
|
||||
# Return a 403 for the kube-env attribute in all allowed API versions.
|
||||
location /0.1/meta-data/attributes/kube-env {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
location /computeMetadata/v1beta1/instance/attributes/kube-env {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
location /computeMetadata/v1/instance/attributes/kube-env {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
|
||||
# Return a 403 for instance identity in all allowed API versions.
|
||||
location ~ /0.1/meta-data/service-accounts/.+/identity {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
location ~ /computeMetadata/v1beta1/instance/service-accounts/.+/identity {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
location ~ /computeMetadata/v1/instance/service-accounts/.+/identity {
|
||||
return 403 "This metadata endpoint is concealed.";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue