mirror of https://github.com/kubernetes/kops.git
In order to verify that the caller is running on the specified node, we source the expected IP address from the cloud, and require that the node set up a simple challenge/response server to answer requests. Because the challenge server runs on a port outside of the nodePort range, this also makes it harder for pods to impersonate their host nodes - though we do combine this with TPM and similar functionality where it is available.

- kops
- kops-controller
- kube-apiserver-healthcheck
- nodeup