The read-only port is only available within the cluster, which is currently assumed to be a secured, trusted network.

We are working on removing the read-only port from the apiserver (e.g. #5921) which should take care of this.

The read-only port is going away in days; that should take care of this specific problem but not necessarily the general case.

@erictune the intention is to solve this with permissions?

At least that will mean that you need cluster admin access (read/write) to see the cluster secrets (right now anyone who can reach the read-only endpoint can escalate to having read-write access to the cluster). Until we have a permissions model in the master, I think that's the best we can do.

After #5921 is done, then we won't have anything called readonly. All
accounts (admin, default service account, etc) will be equally powerful.

Once we merge REST Policy, we will have differentiated permissions for
different roles.

On Tue, May 12, 2015 at 3:29 PM, Robert Bailey notifications@github.com
wrote:

At least that will mean that you need cluster admin access (read/write) to
see the cluster secrets (right now anyone who can reach the read-only
endpoint can escalate to having read-write access to the cluster). Until we
have a permissions model in the master, I think that's the best we can do.

—
Reply to this email directly or view it on GitHub
#7963 (comment)
.

@lavalamp can you update the status on this?

This will be fixed when #8155 merges.