From e777907755389a2c10dba3297d3df02036ffb1e0 Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov"
Date: Wed, 1 Jul 2020 22:17:46 +0300
Subject: [PATCH] kubeadm: add --port=0 for kube-controller-manager and kube-scheduler Kubeadm setup of kube-controller-manager and kube-scheduler is lacking the --port=0 option which caused the component to enable the insecure port by default and serve insecurely on the default node interface. Add --port=0 by default to both components. Users are still allowed the explicitly set the flag (via extraArgs), which allows them to override this default kubeadm behavior and enable the insecure port. NOTE: the flag is deprecated and should be removed from kubeadm manifests once it's removed from core.
---
 cmd/kubeadm/app/phases/controlplane/manifests.go | 2 ++
 cmd/kubeadm/app/phases/controlplane/manifests_test.go | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go
index 12684833aeea..0926e0bea720 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -290,6 +290,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string
 caFile := filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName)
 defaultArguments := map[string]string{
+ "port": "0",
 "bind-address": "127.0.0.1",
 "leader-elect": "true",
 "kubeconfig": kubeconfigFile,
@@ -342,6 +343,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string
 func getSchedulerCommand(cfg *kubeadmapi.ClusterConfiguration) []string {
 kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName)
 defaultArguments := map[string]string{
+ "port": "0",
 "bind-address": "127.0.0.1",
 "leader-elect": "true",
 "kubeconfig": kubeconfigFile,
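Review bot: The new `"port": "0"` entry in getControllerManagerCommand is only a default, so a `port` value in extraArgs still wins and an older cluster configuration can re-enable the unauthenticated endpoint without any signal to the operator. The `"bind-address": "127.0.0.1"` entry below it apparently does not restrict that endpoint, since the commit message says it was served on the default node interface. Consider warning when the user-supplied value is not `0`, using whatever logger the file already has, e.g. `if p, ok := cfg.ControllerManager.ExtraArgs["port"]; ok && p != "0" { klog.Warningf("kube-controller-manager insecure port %s enabled via extraArgs", p) }`. The same applies to the getSchedulerCommand hunk. Both function bodies continue outside the hunks, so the place where defaults and extra args are merged is not visible here.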
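Review bot: The `"port": "0"` entry in getSchedulerCommand has no comment saying why it is there or that it is temporary. The commit message notes that the flag is deprecated and should be dropped from the kubeadm manifests once core removes it, but someone reading manifests.go will not see that. Add a comment above the entry such as `// "port": "0" disables the insecure serving port. TODO: remove once the deprecated --port flag is dropped from kube-scheduler.`, and the equivalent in getControllerManagerCommand.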
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
index 91ad841c4da6..1db26b230eaf 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@@ -586,6 +586,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -610,6 +611,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -639,6 +641,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -670,6 +673,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -700,6 +704,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -831,6 +836,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
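Review bot: None of the visible cases pins what happens when the cluster configuration itself carries a `port` extra arg; each touched `expected` slice in TestGetControllerManagerCommand only gains the new `"--port=0"` default. That override is what the commit message promises, and a regression that emitted `--port` twice, or lost the default when unrelated extra args are set, would go unnoticed. Add one table entry per component whose cfg sets `ExtraArgs: map[string]string{"port": "<value>"}` on the component and whose expected slice contains exactly one `--port=` element. The later hunks for TestGetControllerManagerCommandExternalCA and TestGetSchedulerCommand have the same gap. The test tables start and end outside these hunks, so an existing case may already cover part of this.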
@@ -860,6 +866,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -921,6 +928,7 @@ func TestGetSchedulerCommand(t *testing.T) {
 cfg: &kubeadmapi.ClusterConfiguration{},
 expected: []string{
 "kube-scheduler",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",