Skip to main content

Browse the archive

Revision 5f4bec2224d0c7a68ae682c4e8afb211dd2351e0 authored by Tom Payne on 01 February 2022, 15:58:59 UTC, committed by Jussi Mäki on 09 February 2022, 14:34:46 UTC 
labelfilter: Refine default label regexps
 
[ upstream commit 422d7fc95c7bdb5acf37094b47a2ed92cc245fd3 ]

Cilium treats label patterns as regular expressions. The existing
default labels, e.g. "!k8s.io", used a '.', which matches any character.
This led to the default labels being too permissive in their matching
and consequently labels like "k8sXo" being excluded from the identity,
with consequent security implications.

This commit properly escapes the regular expressions used in the default
labels.

Signed-off-by: Tom Payne <tom@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
1 parent c8a5d8b
History
File Mode Size
crds
demo
getting-started
hubble
kubernetes
kubernetes-cassandra
kubernetes-dns
kubernetes-es
kubernetes-external-ips
kubernetes-grpc
kubernetes-istio
kubernetes-kafka
kubernetes-local-redirect
kubernetes-memcached
kubernetes-tls-inspection
mesos
minikube
misc
policies
valid-labels.lpc -rw-r--r-- 207 bytes
back to top