-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Federation][kubefed]: Set apiserver to bind securely to 8443 instead of 443 #44639
[Federation][kubefed]: Set apiserver to bind securely to 8443 instead of 443 #44639
Conversation
@madhusudancs Does this change require a release note? |
c03fccd
to
4125006
Compare
@perotinus Your help would be greatly appreciated debugging the unit test failure. |
4125006
to
7d94c39
Compare
Review status: 0 of 3 files reviewed at latest revision, 1 unresolved discussion, some commit checks failed. federation/pkg/kubefed/init/init_test.go, line 841 at r1 (raw file):
This is the source of the test failure. You need Comments from Reviewable |
On platforms like OpenShift that don't run containers as root by default, binding to ports < 1000 is not permitted. Having the apiserver bind to a high port means it can run with reduced privileges. The service will still expose the apiserver on 443, so this change shouldn't impact clients of the federation api.
7d94c39
to
767ebf8
Compare
@madhusudancs Thank you! |
@marun Thanks for the PR. I don't think a release note is necessary here. Also, FYI, you can request/assign reviewers by using the /assign Reviewed 2 of 3 files at r1, 1 of 1 files at r2. Comments from Reviewable |
/lgtm Review status: all files reviewed at latest revision, 1 unresolved discussion, some commit checks failed. Comments from Reviewable |
@k8s-bot gce etcd3 e2e test this |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: madhusudancs, marun
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/release-note-none |
Automatic merge from submit-queue (batch tested with PRs 44645, 44639, 43510) |
On platforms like OpenShift that don't run containers as root by default, binding to ports < 1000 is not permitted. Having the apiserver bind to a high port means it can run with reduced privileges. The service will still expose the apiserver on 443, so this change shouldn't impact clients of the federation api.
cc: @kubernetes/sig-federation-pr-reviews @perotinus