set --tls-cipher-suites option in metrics-server for CVE-2016-2183 #2186
For an introduction to this vulnerability, see https://segmentfault.com/a/1190000038486901
/cc @kubesphere/sig-observability
@pixiake: GitHub didn't allow me to request PR reviews from the following users: kubesphere/sig-observability. Note that only kubesphere members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/lgtm
@frezes: changing LGTM is restricted to collaborators In response to this:
@athlonreg Thanks, you can take a look at the upstream metrics-server charts to verify whether it needs to be fixed as well.
LGTM label has been added. Git tree hash: 748726add43f6b83830761d302ac80d4e4eb2dea
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: athlonreg, benjaminhuo The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
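Setting --tls-cipher-suites in the metrics-server startup arguments avoids the CVE-2016-2183 vulnerability. Without it, an nmap scan of port 4443 gives the following result:
With it specified, the scan result is as follows:
This parameter sets the list of cipher suites. The list is taken from the default generated parameter list, with the insecure grade-C suites removed.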
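
An added example, not code from this PR or from metrics-server: a Go check that audits a `--tls-cipher-suites` value for 3DES suites, the 64-bit block cipher class behind CVE-2016-2183, using the suite names known to Go's `crypto/tls`. The names `AuditFlag` and `HardenedFlag` and the sample flag value are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Audit is the result of checking one --tls-cipher-suites value.
type Audit struct {
	Sweet32 []string // 3DES suites (64-bit block cipher, CVE-2016-2183)
	Unknown []string // names Go's crypto/tls does not recognise
	Kept    []string // recognised suites that do not use 3DES
}

// AuditFlag sorts the comma-separated suite names into the three groups.
func AuditFlag(value string) Audit {
	known := map[string]bool{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[s.Name] = true
	}
	var a Audit
	for _, name := range strings.Split(value, ",") {
		name = strings.TrimSpace(name)
		switch {
		case name == "": // tolerate stray commas and blanks
		case !known[name]:
			a.Unknown = append(a.Unknown, name)
		case strings.Contains(name, "3DES"):
			a.Sweet32 = append(a.Sweet32, name)
		default:
			a.Kept = append(a.Kept, name)
		}
	}
	return a
}

// HardenedFlag rebuilds the flag from the suites that passed the audit.
func HardenedFlag(value string) string {
	return "--tls-cipher-suites=" + strings.Join(AuditFlag(value).Kept, ",")
}

func main() {
	// Constructed sample value, not the list from this PR.
	sample := "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA," +
		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
	fmt.Println("3DES suites to drop:", AuditFlag(sample).Sweet32)
	fmt.Println(HardenedFlag(sample))
}
```

A non-empty `Unknown` list is worth treating as a failure in CI, since a misspelled suite name in the flag is easy to miss in review.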