Fixes #65869 Do not listen insecurely if secure port is specified #68982

Merged
merged 1 commit into from
Oct 4, 2018


@aruneli aruneli commented Sep 23, 2018

What this PR does / why we need it:
Make ccm not listen insecurely if secure port is specified

Which issue(s) this PR fixes:
#65869

Special notes for your reviewer:

I have made it such that the insecure port will be turned off if the secure-port flag is used. Here is the new behavior with this PR.

  1. By default, ccm only listens on secure port 10258
  2. If secure port is set, only secure port is changed to new port
  3. If only --port option is used, the ccm will listen on insecure port and default secure port (current behavior)
  4. If both --port and --secure-port are provided, then current behavior is retained
CCM server will not listen insecurely if secure port is specified

@stts @andrewsykim @jhorwit2 @wlan0 Please review

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 23, 2018
@k8s-ci-robot
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Sep 23, 2018
@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 23, 2018
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 23, 2018
@aruneli
Author

aruneli commented Sep 23, 2018

/assign @wlan0

@wlan0
Member

wlan0 commented Sep 23, 2018

Thanks for the PR @aruneli

LGTM. Pulled the code and tested it.

@stts @andrewsykim @jhorwit2 Pls review as well.

@wlan0
Member

wlan0 commented Sep 23, 2018

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 23, 2018
@wlan0
Member

wlan0 commented Sep 23, 2018

@aruneli There is a test failure. Pls fix

@neolit123
Member

/check cla
/kind bug

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Sep 23, 2018
@aruneli
Author

aruneli commented Sep 23, 2018

I signed it

@aruneli aruneli force-pushed the master branch 2 times, most recently from 05fc119 to 275b560 Compare September 23, 2018 19:32
@aruneli aruneli force-pushed the master branch 2 times, most recently from 696e853 to 8423310 Compare September 24, 2018 23:41
@aruneli
Author

aruneli commented Sep 25, 2018

/retest

1 similar comment
@aruneli
Author

aruneli commented Sep 25, 2018

/retest

@aruneli
Author

aruneli commented Sep 25, 2018

/retest

Contributor

@stewart-yu stewart-yu left a comment

I'm a little confused about this PR; it seems to discard the 10253 port absolutely?

cmd/cloud-controller-manager/app/options/options.go (outdated)
@stewart-yu
Contributor

Have you signed the CLA?

@aruneli
Author

aruneli commented Sep 26, 2018

/check-cla

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Sep 26, 2018
@fedebongio
Contributor

/assign @cheftako

@cheftako
Member

cheftako commented Oct 2, 2018

It looks like it will change the behavior of the CCM CLI. Before your change it would default to listening on port 10253 unless you explicitly turned off the port. With your change the server will not listen to that port (more secure); however, that is a change. If the change was after the deprecation period, then the option would just be done away with. Before the deprecation period, I think it at least needs an action release note. I believe the deprecation was recent so we should make sure to have an action release note.
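The behaviour change discussed in the PR description and in the comment above, modelled as an added example (not code from this pull request or from Kubernetes). `resolve`, `Listeners` and the `afterPR` switch are hypothetical names, the ports 10258 and 10253 are the defaults mentioned in the thread, and treating port 0 as "no listener" is an assumption of the sketch; it uses the standard `flag` package's `Visit` to tell an explicitly passed `--port` from its default.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// Defaults named in the thread; 0 meaning "listener disabled" is an assumption.
const (
	defaultSecurePort   = 10258
	defaultInsecurePort = 10253
)

// Listeners is a hypothetical result type: the ports the process would bind.
type Listeners struct {
	Secure   int
	Insecure int // 0 = no plaintext listener
}

// resolve parses args and applies either the pre-PR or the post-PR rule.
func resolve(args []string, afterPR bool) (Listeners, error) {
	fs := flag.NewFlagSet("ccm", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	secure := fs.Int("secure-port", defaultSecurePort, "HTTPS port")
	insecure := fs.Int("port", defaultInsecurePort, "HTTP port")
	if err := fs.Parse(args); err != nil {
		return Listeners{}, err
	}
	// A default and an explicitly passed value look identical after parsing,
	// so record which flags the operator actually set on the command line.
	set := map[string]bool{}
	fs.Visit(func(f *flag.Flag) { set[f.Name] = true })
	l := Listeners{Secure: *secure, Insecure: *insecure}
	if afterPR && !set["port"] {
		l.Insecure = 0 // plaintext listener only when --port is asked for
	}
	return l, nil
}

func main() {
	for _, args := range [][]string{{}, {"--secure-port=8443"}, {"--port=8080"}, {"--port=8080", "--secure-port=8443"}} {
		before, _ := resolve(args, false)
		after, _ := resolve(args, true)
		fmt.Printf("%q before=%+v after=%+v\n", args, before, after)
	}
}
```

Only the first two cases differ between the two rules, which is the default-behaviour change the requested release note is about.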

@aruneli
Author

aruneli commented Oct 2, 2018

/release-note

@k8s-ci-robot
Contributor

@aruneli: the /release-note and /release-note-action-required commands have been deprecated.
Please edit the release-note block in the PR body text to include the release note. If the release note requires additional action include the string action required in the release note. For example:

```release-note
Some release note with action required.
```

In response to this:

/release-note


@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 2, 2018
@cheftako
Member

cheftako commented Oct 2, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 2, 2018
@wlan0
Member

wlan0 commented Oct 3, 2018

/approve

@wlan0
Member

wlan0 commented Oct 3, 2018

Ping @foxish

@foxish
Contributor

foxish commented Oct 3, 2018

/approve for the test change

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aruneli, cheftako, foxish, wlan0

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 3, 2018
@aruneli
Author

aruneli commented Oct 3, 2018

/test pull-kubernetes-typecheck

@aruneli
Author

aruneli commented Oct 3, 2018

/test pull-kubernetes-verify

@k8s-ci-robot k8s-ci-robot merged commit 5dd78df into kubernetes:master Oct 4, 2018
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
10 participants