
kubectl proxy --accept-hosts appears to filter destination, not source. #142

Closed
wrossmann opened this issue Nov 16, 2017 · 14 comments
Labels
area/kubectl kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/P2 sig/cli Categorizes an issue or PR as relevant to SIG CLI.

Comments

@wrossmann

wrossmann commented Nov 16, 2017

Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT

Kubernetes version:

  • Client: v1.8.3
  • Server: v1.7.8-gke.0

Environment:

  • Cloud provider: Google [GKE]
  • OS:
    • Client: CentOS 6/7 [client]
    • Server: cos-stable-61-9765-66-0
  • Install tools: gcloud

What happened:
In my development VM [10.0.1.100] I started kubectl proxy to provide full access to the Dashboard UI to my workstation [10.0.2.200], but not everyone else in the office. The command used was:

kubectl proxy --port=8080 --address=10.0.1.100 --accept-hosts='^10\.0\.2\.200$'

as well as many variants of the regular expression with/without \., ^, and $

Which yielded the following for all endpoints:

<h3>Unauthorized</h3>

It was suggested in the #kubernetes-users Slack channel that it may be running the regex against a hostname, but I've double-checked and we do not have reverse lookups enabled for our network, and I don't think that kubectl would be looking up NetBIOS info.

It can be made to work with --accept-hosts='^.*$' as you would expect, however I also decided to try --accept-hosts='^10\.0\.1\.100$' on a hunch, which ended up working the same as the wildcard, allowing anyone on the network access to the proxy.

What you expected to happen:

  1. --accept-hosts='^10\.0\.2\.200$' should allow only the stated IP access to the proxy.
    • actual: universal inaccessibility
  2. --accept-hosts='^10\.0\.1\.100$' should allow only local requests, similar to the 127.0.0.1 defaults.
    • actual: open access to all

How to reproduce it:

With two hosts attached to the same network:

  • Host A: kubectl proxy --port=8080 --address=HOST_A_IP --accept-hosts='^HOST_B_IP$'
  • Host B: curl http://HOST_A_IP:8080/

Anything else we need to know:

This has wider implications than me simply being paranoid about my local network. In searching for solutions to this problem I found pages upon pages of people stating --accept-hosts='^.*$' and --disable-filter=true as general solutions, even in the face of machines with public-facing interfaces. The supposed workarounds for this issue are causing people to unwittingly expose very sensitive information and APIs to potentially the entire world unless they take additional action to prevent it, e.g. firewall rules.

E.g. see the discussion in kubernetes/dashboard#692
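The two outcomes in the report fall out directly if the allow-list regex is applied to the request's Host header (the address the client connected to, with the port stripped) rather than to the peer address the request came from. The Go program below is an added illustration of that difference, not kubectl's own code: `byHost` models the reported behaviour, `bySource` models what the reporter expected, and `decide` runs a constructed request (proxy at 10.0.1.100:8080, workstation 10.0.2.200, bystander 10.0.3.5) through each.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// stripPort turns "10.0.1.100:8080" into "10.0.1.100"; a bare host passes through.
func stripPort(hostport string) string {
	if host, _, err := net.SplitHostPort(hostport); err == nil {
		return host
	}
	return hostport
}

// newFilter admits a request only when the allow-list regex matches the value
// that pick extracts from it (Host header or peer address), else answers 401.
func newFilter(accept *regexp.Regexp, pick func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !accept.MatchString(stripPort(pick(r))) {
			http.Error(w, "<h3>Unauthorized</h3>", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// byHost models what the issue reports --accept-hosts does: it checks the address
// the client connected TO (illustrative reconstruction, not kubectl's own code).
func byHost(r *http.Request) string { return r.Host }
// bySource is what the reporter expected: the address the request came FROM.
func bySource(r *http.Request) string { return r.RemoteAddr }

// decide returns the status a filter built from pattern and pick gives a constructed
// request that a client at clientIP sent to the proxy listening at proxyAddr.
func decide(pick func(*http.Request) string, pattern, proxyAddr, clientIP string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "http://"+proxyAddr+"/", nil)
	req.RemoteAddr = clientIP + ":54321" // constructed peer address
	rec := httptest.NewRecorder()
	newFilter(regexp.MustCompile(pattern), pick, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Report case 2: a pattern naming the proxy's own address admits a bystander (200); source matching denies it (401).
	fmt.Println(decide(byHost, `^10\.0\.1\.100$`, "10.0.1.100:8080", "10.0.3.5"), decide(bySource, `^10\.0\.2\.200$`, "10.0.1.100:8080", "10.0.3.5"))
}
```

Because a Host-header check can be satisfied by whatever the client chooses to send, it does not restrict who may reach the proxy; only a source-address check (or a firewall in front of the listener) does that.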

@apelisse apelisse added the bug label Dec 1, 2017
@apelisse
Member

apelisse commented Dec 1, 2017

I don't know who knows about proxy. @liggitt ?

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 1, 2018
@mengqiy mengqiy removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 2, 2018
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. kind/bug Categorizes issue or PR as related to a bug. and removed bug labels May 31, 2018
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 5, 2018
@nikhita
Member

nikhita commented Jul 5, 2018

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jul 5, 2018
@seans3
Contributor

seans3 commented Sep 25, 2018

/sig cli
/area kubectl
/priority P2

@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. area/kubectl priority/P2 labels Sep 25, 2018
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 24, 2018
@nikhita
Member

nikhita commented Dec 25, 2018

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 25, 2018
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 25, 2019
@george-angel

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 26, 2019
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 24, 2019
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 24, 2019
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
