mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-03-16 07:33:03 -04:00
8b5fa408e0
kube-proxy sets the sysctl net.ipv4.conf.all.route_localnet=1 so NodePort services can be accessed on the loopback addresses in IPv4, but this may present security issues. Leverage the --nodeport-addresses flag to opt-out of this feature, if the list is not empty and none of the IP ranges contains an IPv4 loopback address this sysctl is not set. In addition, add a warning to inform users about this behavior. |
||
|---|---|---|
| .. | ||
| iptables | ||
| testing | ||
| endpoints.go | ||
| endpoints_test.go | ||
| network.go | ||
| utils.go | ||
| utils_test.go | ||