Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm should not enable unsecure access to the API Server at localhost:8080 #181

Closed
luxas opened this issue Feb 24, 2017 · 1 comment
Closed

kubeadm should not enable unsecure access to the API Server at localhost:8080 #181

luxas opened this issue Feb 24, 2017 · 1 comment
Assignees
@luxas
Milestone
v1.6

Comments

@luxas
Copy link
Member

luxas commented Feb 24, 2017

As discussed with @liggitt @deads2k and @pires on Slack, kubeadm should not make the API Server listen on localhost:8080 insecurely with root access.

scheduler and controller-manager talks to the API Server with their own credentials (client certs), ref: kubernetes/kubernetes#41897

For normal admin users, /etc/kubernetes/admin.conf, a KubeConfig file is generated with full access to the cluster.

This will dramatically reduce the attack area.
@luxas luxas mentioned this issue Feb 24, 2017
Merged
k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this issue Mar 1, 2017
Merge pull request #42066 from luxas/kubeadm_remove_unsecure_port
fed7cea 
Automatic merge from submit-queue

kubeadm: Turn off insecure apiserver access on localhost:8080

**What this PR does / why we need it**:

ref: kubernetes/kubeadm#181
depends on: #41897

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
Insecure access to the API Server at localhost:8080 will be turned off in v1.6 when using kubeadm
```
@jbeda @liggitt @deads2k @pires @lukemarsden @mikedanese @errordeveloper
@luxas luxas added this to the v1.6 milestone Mar 2, 2017
@luxas luxas self-assigned this Mar 2, 2017
@luxas
Copy link
Member Author

luxas commented Mar 2, 2017

Fixed with kubernetes/kubernetes#42066

@luxas luxas closed this as completed Mar 2, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@luxas luxas

Labels
None yet
Projects
None yet
Milestone
v1.6
Development

No branches or pull requests
1 participant
@luxas