Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix istiod port by allowing it to run on 443 #2613

Merged
merged 1 commit into from
Jul 22, 2020
Merged

Fix istiod port by allowing it to run on 443 #2613

merged 1 commit into from
Jul 22, 2020

Conversation

mvladev
Copy link

@mvladev mvladev commented Jul 22, 2020

How to categorize this PR?

/area control-plane
/kind bug
/priority normal

What this PR does / why we need it:

Fixing istiod by setting correct uid and groupid on the container. All capabilities are dropped except for NET_BIND_SERVICE.

Which issue(s) this PR fixes:

2020-07-22T04:51:21.261088Z     info    FLAG: --trust-domain="cluster.local"
2020-07-22T04:51:21.713999Z     warn    listen tcp 0.0.0.0:443: bind: permission denied
2020-07-22T04:51:26.840403Z     warn    https webhook server not ready: 500
2020-07-22T04:51:31.811403Z     warn    https webhook server not ready: 500

Special notes for your reviewer:

Release note:

Fixed a bug where `istiod` cannot listen on `443` due to insufficient privileges.

@mvladev mvladev requested a review from timebertt July 22, 2020 06:07
@mvladev mvladev requested a review from a team as a code owner July 22, 2020 06:07
rfranzke
rfranzke approved these changes Jul 22, 2020
View reviewed changes
Copy link
Member

@rfranzke rfranzke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

timebertt
timebertt approved these changes Jul 22, 2020
View reviewed changes
Copy link
Member

@timebertt timebertt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@rfranzke rfranzke merged commit 748af5a into gardener:master Jul 22, 2020
@mvladev mvladev deleted the fix-istiod-https-port branch July 22, 2020 07:45
@mvladev mvladev mentioned this pull request Jul 22, 2020
Merged
@gardener-robot gardener-robot added priority/3 Priority (lower number equals higher priority) and removed priority/3 Priority (lower number equals higher priority) labels Mar 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rfranzke rfranzke rfranzke approved these changes

@timebertt timebertt timebertt approved these changes

Assignees
No one assigned
Labels
area/control-plane Control plane related kind/bug Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@mvladev @rfranzke @timebertt @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot