Affected by GO-2022-0617 and 16 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0908: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

rootcacertpublisher

package

v1.20.3-rc.0 Latest Latest Go to latest Published: Jan 13, 2021 License: Apache-2.0 Imports: 16 Imported by: 16

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Publisher
- func NewPublisher(cmInformer coreinformers.ConfigMapInformer, ...) (*Publisher, error)
- func (c *Publisher) Run(workers int, stopCh <-chan struct{})

Constants ¶

View Source

const RootCACertConfigMapName = "kube-root-ca.crt"

RootCACertConfigMapName is name of the configmap which stores certificates to access api-server

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Publisher ¶

type Publisher struct {
	// contains filtered or unexported fields
}

Publisher manages certificate ConfigMap objects inside Namespaces

func NewPublisher ¶

func NewPublisher(cmInformer coreinformers.ConfigMapInformer, nsInformer coreinformers.NamespaceInformer, cl clientset.Interface, rootCA []byte) (*Publisher, error)

NewPublisher construct a new controller which would manage the configmap which stores certificates in each namespace. It will make sure certificate configmap exists in each namespace.

func (*Publisher) Run ¶

func (c *Publisher) Run(workers int, stopCh <-chan struct{})

Run starts process

Source Files ¶

View all Source files

publisher.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL