kube-rbac-proxy
kube-rbac-proxy copied to clipboard
brancz
Kubernetes RBAC authorizing HTTP proxy for a single upstream.
## What Bump dependencies to higher versions. Most prominent: k8s v1.29.3 ## Why It makes sense to stay up to date with deps. In particular it should fix the CVE...
When using kube-rbac-proxy v0.14.1, sometimes we found kube-rbac-proxy container stuck in `TLS handshake error` and can not recover automatically until it's restarted manually. ``` I0621 17:39:33.819787 1876 log.go:198] http: TLS...
otel dependencies have cve's flagged by scanners , this would help to reduce that noise
Signed-off-by: m.nabokikh ## Motivation A proxy always comes in front of upstream. Some upstream, instead of HTTP requests, serve HTTPS requests with self-signed certificates (this is better than having no...
CVE-2023-47108 "Vulnerability detected affecting otelgrpc v0.42.0" found in kube-rbac-proxy v0.16.0
> 18:58:19 + python /app/cs_imagescan.py --repo /mirror/quay.io/brancz/kube-rbac-proxy --skip-push --tag v0.16.0 -c us-2 18:58:19 INFO Downloading Image Scan Report 18:58:30 INFO Searching for vulnerabilities in scan report... 18:58:30 WARNING HIGH CVE-2023-47108...
# What Issues collected during the second round of review with @enj. # Why kube-rbac-proxy should become a project owned by Kubernetes. # Issues `cmd/kube-rbac-proxy/app/kube-rbac-proxy.go`: - [ ] (1) Log...
Hello Team, We are using this image: quay.io/brancz/kube-rbac-proxy:v0.15.0 and inside of this image, we have scanned out two high security vulnerabilities. Could you help fix them? ``` grype quay.io/brancz/kube-rbac-proxy:v0.15.0 ✔...
Hi I pulled the image quay.io/brancz/kube-rbac-proxy:v0.14.2 and 0.15.0. Inspected the images to verify they are multi-arch and they contain the digests for all supported archs in their manifest. However, when...
For now kube-rbac-proxy sees the 2 arguments `--ignore-path` and `--allow-path` mutually exclusive. It is not so practical when we add liveness probe and readiness probes in Kubernetes. We may want...
