Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487

until the Go standard library and golang.org/x/net are fully fixed.
machine424 2023-10-30 09:48:56 +01:00
parent 891c52fe00
commit ba77337ae4
No known key found for this signature in database
GPG key ID: A4B001A4FDEE017D


@ -82,7 +82,8 @@ type PrometheusAdapter struct {
MetricsRelistInterval time.Duration MetricsRelistInterval time.Duration
// MetricsMaxAge is the period to query available metrics for // MetricsMaxAge is the period to query available metrics for
MetricsMaxAge time.Duration MetricsMaxAge time.Duration
// DisableHTTP2 indicates that http2 should not be enabled.
DisableHTTP2 bool
metricsConfig *adaptercfg.MetricsDiscoveryConfig metricsConfig *adaptercfg.MetricsDiscoveryConfig
} }
@ -156,6 +157,8 @@ func (cmd *PrometheusAdapter) addFlags() {
"interval at which to re-list the set of all available metrics from Prometheus") "interval at which to re-list the set of all available metrics from Prometheus")
cmd.Flags().DurationVar(&cmd.MetricsMaxAge, "metrics-max-age", cmd.MetricsMaxAge, cmd.Flags().DurationVar(&cmd.MetricsMaxAge, "metrics-max-age", cmd.MetricsMaxAge,
"period for which to query the set of available metrics from Prometheus") "period for which to query the set of available metrics from Prometheus")
cmd.Flags().BoolVar(&cmd.DisableHTTP2, "disable-http2", cmd.DisableHTTP2,
"Disable HTTP/2 support")
// Add logging flags // Add logging flags
logs.AddFlags(cmd.Flags()) logs.AddFlags(cmd.Flags())
@ -357,6 +360,14 @@ func main() {
klog.Fatalf("unable to install resource metrics API: %v", err) klog.Fatalf("unable to install resource metrics API: %v", err)
} }
// disable HTTP/2 to mitigate CVE-2023-44487 until the Go standard library
// and golang.org/x/net are fully fixed.
server, err := cmd.Server()
if err != nil {
klog.Fatalf("unable to fetch server: %v", err)
}
server.GenericAPIServer.SecureServingInfo.DisableHTTP2 = cmd.DisableHTTP2
// run the server // run the server
if err := cmd.Run(stopCh); err != nil { if err := cmd.Run(stopCh); err != nil {
klog.Fatalf("unable to run custom metrics adapter: %v", err) klog.Fatalf("unable to run custom metrics adapter: %v", err)
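Review bot: The mitigation is opt-in: in the `addFlags` hunk `--disable-http2` takes its default from `cmd.DisableHTTP2`, which is false unless the struct literal outside these hunks sets it, so a deployment that upgrades without changing its arguments still serves HTTP/2 and stays exposed to CVE-2023-44487. The help string `"Disable HTTP/2 support"` gives an operator no hint of that; I would write `"Disable HTTP/2 serving to mitigate CVE-2023-44487 (HTTP/2 stays enabled unless this is set)"`. The comment added in `main` reads as if HTTP/2 were always turned off, so it would be clearer as `// apply --disable-http2; HTTP/2 stays enabled unless the flag is set (CVE-2023-44487 mitigation)`. Both `addFlags` and `main` continue outside the visible hunks.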