You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Starting in openshift/origin#7888, admins can configure the server to prevent skewed oc clients from accessing the REST API. This has to be documented.
@deads2k should provide the info about this new feature.
The text was updated successfully, but these errors were encountered:
@adellape Is there a section where we publish all the generated doc for our types? This is sort of an unusual thing to do, so I don't think it warrants a top-level doc.
The types are documented and with the new types you can do things like:
deny clients using particular libraries or particular binaries. In this case, the kube 1.2 client binary and origin 1.1.3 binary. You could do similar things for OSE clients.
userAgentMatchingConfig:
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."deniedClients:
- regex: '\w+/v(?:(?:1\.1\.1)|(?:1\.0\.1)) \(.+/.+\) openshift/\w{7}'
- regex: '\w+/v(?:1\.1\.3) \(.+/.+\) openshift/\w{7}'
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'requiredClients: null
deny clients that don't match your expect clients exactly.
userAgentMatchingConfig:
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."deniedClients: []requiredClients:
- regex: '\w+/v1\.1\.3 \(.+/.+\) openshift/\w{7}'
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'
Starting in openshift/origin#7888, admins can configure the server to prevent skewed
oc
clients from accessing the REST API. This has to be documented.@deads2k should provide the info about this new feature.
The text was updated successfully, but these errors were encountered: