Merge pull request #3252 from mirwan/remove_insecure-bind-address_when_insecure-bind-port_is_0

Remove insecure-port and insecure-bind-address when possible
This commit is contained in:
k8s-ci-robot 2018-09-07 07:41:21 -07:00 committed by GitHub
commit 5c2e9a5376
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions

View file

@ -45,8 +45,12 @@ authorizationModes:
selfHosted: false
apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }}
{% if kube_apiserver_insecure_port|string != "0" %}
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
{% endif %}
{% if kube_apiserver_insecure_port|string != "0" or kube_version | version_compare('v1.10', '<') %}
insecure-port: "{{ kube_apiserver_insecure_port }}"
{% endif %}
{% if kube_version | version_compare('v1.10', '<') %}
admission-control: {{ kube_apiserver_admission_control | join(',') }}
{% else %}

View file

@ -37,8 +37,12 @@ authorizationModes:
{% endfor %}
apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }}
{% if kube_apiserver_insecure_port|string != "0" %}
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
{% endif %}
{% if kube_apiserver_insecure_port|string != "0" or kube_version | version_compare('v1.10', '<') %}
insecure-port: "{{ kube_apiserver_insecure_port }}"
{% endif %}
{% if kube_version | version_compare('v1.10', '<') %}
admission-control: {{ kube_apiserver_admission_control | join(',') }}
{% else %}

View file

@ -46,7 +46,9 @@ spec:
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
- --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
{% if kube_apiserver_insecure_port|string != "0" %}
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
{% endif %}
- --bind-address={{ kube_apiserver_bind_address }}
- --apiserver-count={{ kube_apiserver_count }}
{% if kube_version | version_compare('v1.9', '>=') %}
@ -100,7 +102,9 @@ spec:
{% endif %}
{% endif %}
- --secure-port={{ kube_apiserver_port }}
{% if kube_apiserver_insecure_port|string != "0" or kube_version | version_compare('v1.10', '<') %}
- --insecure-port={{ kube_apiserver_insecure_port }}
{% endif %}
- --storage-backend={{ kube_apiserver_storage_backend }}
{% if kube_api_runtime_config is defined %}
{% for conf in kube_api_runtime_config %}