Make the Kubelet read-only port configurable and disable it by default. Fixes #2159.
This commit is contained in:
parent
ffbdf31ac4
commit
11844c987c
4 changed files with 8 additions and 0 deletions
|
@ -122,3 +122,6 @@ bin_dir: /usr/local/bin
|
||||||
|
|
||||||
## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics.
|
## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics.
|
||||||
#etcd_metrics: basic
|
#etcd_metrics: basic
|
||||||
|
|
||||||
|
# The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.
|
||||||
|
# kube_read_only_port: 10255
|
||||||
|
|
|
@ -86,3 +86,6 @@ kube_override_hostname: >-
|
||||||
|
|
||||||
# cAdvisor port
|
# cAdvisor port
|
||||||
kube_cadvisor_port: 0
|
kube_cadvisor_port: 0
|
||||||
|
|
||||||
|
# The read-only port for the Kubelet to serve on with no authentication/authorization.
|
||||||
|
kube_read_only_port: 0
|
||||||
|
|
|
@ -31,6 +31,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
||||||
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
|
--read-only-port={{ kube_read_only_port }} \
|
||||||
{% if kube_version | version_compare('v1.8', '<') %}
|
{% if kube_version | version_compare('v1.8', '<') %}
|
||||||
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
|
@ -20,6 +20,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
--tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \
|
--tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \
|
||||||
--tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
--tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
|
--read-only-port={{ kube_read_only_port }} \
|
||||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||||
{# flag got removed with 1.7.0 #}
|
{# flag got removed with 1.7.0 #}
|
||||||
{% if kube_version | version_compare('v1.7', '<') %}
|
{% if kube_version | version_compare('v1.7', '<') %}
|
||||||
|
|
Loading…
Reference in a new issue