-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #65869 Do not listen insecurely if secure port is specified #68982
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/assign @wlan0 |
Thanks for the PR @aruneli LGTM. Pulled the code and tested it. @stts @andrewsykim @jhorwit2 Pls review as well. |
/ok-to-test |
@aruneli There is a test failure. Pls fix |
/check cla |
I signed it |
05fc119
to
275b560
Compare
696e853
to
8423310
Compare
/retest |
1 similar comment
/retest |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm little confused about this PR, seems discard the 10253 port absolutly?
Have you signed the CLA? |
/check-cla |
/assign @cheftako |
It looks like it will change the behavior of the CCM CLI. Before your change it would default to listening on port 10253 unless you explicitly turned off the port. With your change the server will not listen to that port (more secure) however that is a change. If the change was after the deprecation period, then the option would just be done away with. Before the deprecation period, I think it at least needs an action release note. I believe the deprecation was recent so we should make sure to have an action release note. |
/release-note |
@aruneli: the
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
/approve |
Ping @foxish |
/approve for the test change |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aruneli, cheftako, foxish, wlan0 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test pull-kubernetes-typecheck |
/test pull-kubernetes-verify |
What this PR does / why we need it:
Make ccm not listen insecurely if secure port is specified
Which issue(s) this PR fixes:
#65869
Special notes for your reviewer:
I have made it such that the insecure port will be turned off if the secure-port flag is used. Here is the new behavior with this PR.
--port
option is used, the ccm will listen on insecure port and default secure port (current behavior)--port
and--secure-port
are provided, then current behavior is retained@stts @andrewsykim @jhorwit2 @wlan0 Please review