Serve streaming on localhost by default to match k8s 1.11 default. #858
Serve streaming on localhost by default to match k8s 1.11 default. #858
Conversation
b4d3c05
to
cb76641
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree arbitrary not as good as specified port.. more secure.
Just to clarify, with this PR, we are going to use arbitrary (non-fixed) port on localhost. Because it is localhost, there shouldn't be security problem ideally. |
Sry was typing fast. I meant Agree with arbitrary point, but specified is more secure. Release note and maybe a note in the config.md will suffice. |
Which reminds me.. can we update the comment for this up on line 105- and the config.md? |
@mikebrow Make sense... Will do! Thanks for reminding! |
Signed-off-by: Lantao Liu <lantaol@google.com>
cb76641
to
b3d6f16
Compare
@mikebrow Done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/LGTM
Cherrypick #858 to release/1.11.
Ref #777.
Change the default config to match Kubernetes 1.11 default behavior.
Initially, I thought we should keep default unchanged so that the default config can work with both K8s 1.10 and 1.11.
However, I talked with @dmcgowan today, and we found users don't like arbitrary fixed port listening. Given that we don't need a fixed port anymore for K8s 1.11, I think we should change the default to match the k8s 1.11 behavior to get rid of this fixed port.
We need to mention in the release note that, if you want to use containerd 1.2 with K8s 1.10, please set
stream_server_address=""
andstream_server_port
to a fixed port if you need a fixed one.Signed-off-by: Lantao Liu lantaol@google.com