Make the Kubelet read-only port configurable and disable it by default. Fixes #2159.

This commit is contained in:
Jonas Kongslund 2018-01-16 11:11:41 +04:00
parent ffbdf31ac4
commit 11844c987c
4 changed files with 8 additions and 0 deletions

View file

@ -122,3 +122,6 @@ bin_dir: /usr/local/bin
## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics. ## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics.
#etcd_metrics: basic #etcd_metrics: basic
# The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.
# kube_read_only_port: 10255

View file

@ -86,3 +86,6 @@ kube_override_hostname: >-
# cAdvisor port # cAdvisor port
kube_cadvisor_port: 0 kube_cadvisor_port: 0
# The read-only port for the Kubelet to serve on with no authentication/authorization.
kube_read_only_port: 0

View file

@ -31,6 +31,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \ --cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \ --docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
--anonymous-auth=false \ --anonymous-auth=false \
--read-only-port={{ kube_read_only_port }} \
{% if kube_version | version_compare('v1.8', '<') %} {% if kube_version | version_compare('v1.8', '<') %}
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \ --experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
{% else %} {% else %}

View file

@ -20,6 +20,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
--tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \ --tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \
--tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \ --tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
--anonymous-auth=false \ --anonymous-auth=false \
--read-only-port={{ kube_read_only_port }} \
{% if kube_version | version_compare('v1.6', '>=') %} {% if kube_version | version_compare('v1.6', '>=') %}
{# flag got removed with 1.7.0 #} {# flag got removed with 1.7.0 #}
{% if kube_version | version_compare('v1.7', '<') %} {% if kube_version | version_compare('v1.7', '<') %}