From 746481c1bde5be653168b226ded374dc3eb95540 Mon Sep 17 00:00:00 2001 From: Jan Chaloupka Date: Sun, 22 Oct 2023 19:29:12 +0200 Subject: [PATCH] [1.26] CVE 2023 44487 fixes --- cmd/descheduler/app/options/options.go | 2 ++ cmd/descheduler/app/server.go | 3 +++ 2 files changed, 5 insertions(+) diff --git a/cmd/descheduler/app/options/options.go b/cmd/descheduler/app/options/options.go index 0d0a30ceb..f26ca033c 100644 --- a/cmd/descheduler/app/options/options.go +++ b/cmd/descheduler/app/options/options.go @@ -43,6 +43,7 @@ type DeschedulerServer struct { EventClient clientset.Interface SecureServing *apiserveroptions.SecureServingOptionsWithLoopback DisableMetrics bool + EnableHTTP2 bool } // NewDeschedulerServer creates a new DeschedulerServer with default parameters @@ -89,6 +90,7 @@ func (rs *DeschedulerServer) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&rs.PolicyConfigFile, "policy-config-file", rs.PolicyConfigFile, "File with descheduler policy configuration.") fs.BoolVar(&rs.DryRun, "dry-run", rs.DryRun, "execute descheduler in dry run mode.") fs.BoolVar(&rs.DisableMetrics, "disable-metrics", rs.DisableMetrics, "Disables metrics. The metrics are by default served through https://localhost:10258/metrics. Secure address, resp. port can be changed through --bind-address, resp. --secure-port flags.") + fs.BoolVar(&rs.EnableHTTP2, "enable-http2", false, "If http/2 should be enabled for the metrics and health check") componentbaseoptions.BindLeaderElectionFlags(&rs.LeaderElection, fs) diff --git a/cmd/descheduler/app/server.go b/cmd/descheduler/app/server.go index 4009f5eff..811575552 100644 --- a/cmd/descheduler/app/server.go +++ b/cmd/descheduler/app/server.go @@ -62,6 +62,9 @@ func NewDeschedulerCommand(out io.Writer) *cobra.Command { klog.ErrorS(err, "failed to apply secure server configuration") return } + + SecureServing.DisableHTTP2 = !s.EnableHTTP2 + var factory registry.LogFormatFactory if s.Logging.Format == "json" {