Affected by GO-2022-0617
and 19 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0703 : XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
GO-2022-0867 : Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
GO-2022-0885 : Improper Authentication in Kubernetes in k8s.io/kubernetes
GO-2022-0890 : Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
GO-2022-0907 : Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2159 : Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2170 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2330 : Kubernetes privilege escalation vulnerability in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2748 : Privilege Escalation in Kubernetes in k8s.io/apimachinery
GO-2024-2753 : Denial of service in Kubernetes in k8s.io/kubernetes
GO-2024-2754 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2755 : Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
plugin
pkg
admission
alwayspullimages
package
Version:
v1.15.2
Opens a new window with list of versions in this module.
Published: Aug 1, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 78
Opens a new window with list of known importers.
Documentation
Documentation
¶
Package alwayspullimages contains an admission controller that modifies every new Pod to force
the image pull policy to Always. This is useful in a multitenant cluster so that users can be
assured that their private images can only be used by those who have the credentials to pull
them. Without this admission controller, once an image has been pulled to a node, any pod from
any user can use it simply by knowing the image's name (assuming the Pod is scheduled onto the
right node), without any authorization check against the image. With this admission controller
enabled, images are always pulled prior to starting containers, which means valid credentials are
required.
PluginName indicates name of admission plugin.
Register registers a plugin
AlwaysPullImages is an implementation of admission.Interface.
It looks at all new pods and overrides each container's image pull policy to Always.
NewAlwaysPullImages creates a new always pull images admission control handler
Admit makes an admission decision based on the request attributes
Validate makes sure that all containers are set to always pull images
Source Files
¶
Click to show internal directories.
Click to hide internal directories.