Disallow local loopback for volume hosts

Change-Id: Ic356c3f859057153cfad97327f1938792a1a512c
kubernetes · Jan 27, 2021 · 9a7dcd3 · 9a7dcd3
1 parent 4fc184f
commit 9a7dcd3
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
@@ -1999,6 +1999,7 @@ function start-kube-controller-manager {
   params+=("--kubeconfig=${config_path}" "--authentication-kubeconfig=${config_path}" "--authorization-kubeconfig=${config_path}")
   params+=("--root-ca-file=${CA_CERT_BUNDLE_PATH}")
   params+=("--service-account-private-key-file=${SERVICEACCOUNT_KEY_PATH}")
+  params+=("--volume-host-allow-local-loopback=false")
   if [[ -n "${ENABLE_GARBAGE_COLLECTOR:-}" ]]; then
     params+=("--enable-garbage-collector=${ENABLE_GARBAGE_COLLECTOR}")
   fi