Avoid passing token when using http

serathius · serathius · commit 6376e0af37c7 · 2018-06-14T13:51:16.000+02:00
Bearer token is required on kubelet secure port that uses HTTPS. Sending
token to insecure port can pose security risk.
diff --git a/metrics/sources/kubelet/util/kubelet_client.go b/metrics/sources/kubelet/util/kubelet_client.go
@@ -73,7 +73,9 @@ func (c *KubeletClientConfig) transportConfig() *transport.Config {
 			KeyFile:  c.KeyFile,
 			KeyData:  c.KeyData,
 		},
-		BearerToken: c.BearerToken,
+	}
+	if c.EnableHttps {
+		cfg.BearerToken = c.BearerToken
 	}
 	if c.EnableHttps && !cfg.HasCA() {
 		cfg.TLS.Insecure = true
