
Commit f66513d

committed
kubeadm: add --port=0 for kube-controller-manager and kube-scheduler
Kubeadm setup of kube-controller-manager and kube-scheduler is lacking the --port=0 option, which caused the components to enable the insecure port by default and serve insecurely on the default node interface. Add --port=0 by default to both components. Users are still allowed to explicitly set the flag (via extraArgs), which allows them to override this default kubeadm behavior and enable the insecure port. NOTE: the flag is deprecated and should be removed from kubeadm manifests once it's removed from core.
1 parent da54185 commit f66513d


2 files changed

+13
-0
lines changed


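--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -322,6 +322,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string
 caFile := filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName)
 
 defaultArguments := map[string]string{
+"port": "0",
 "bind-address": "127.0.0.1",
 "leader-elect": "true",
 "kubeconfig": kubeconfigFile,
@@ -392,6 +393,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string
 func getSchedulerCommand(cfg *kubeadmapi.ClusterConfiguration) []string {
 kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName)
 defaultArguments := map[string]string{
+"port": "0",
 "bind-address": "127.0.0.1",
 "leader-elect": "true",
 "kubeconfig": kubeconfigFile,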
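Review bot: The new `"port": "0"` entries in getControllerManagerCommand and getSchedulerCommand have no comment, even though the commit message says the flag is deprecated and has to be dropped from the manifests once core removes it. I would add above each entry `// port=0 disables the insecure HTTP serving port; the flag is deprecated, drop this default once the component removes it.` so the reason and the clean-up condition live next to the code. It would also help to say there that `bind-address` on the following line appears to apply only to the secure port, so it would not confine the insecure listener if a user re-enables it through extraArgs. Both function bodies continue outside the hunks.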

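--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@@ -588,6 +588,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -612,6 +613,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -636,6 +638,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -665,6 +668,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -696,6 +700,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -726,6 +731,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -758,6 +764,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -792,6 +799,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -941,6 +949,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -970,6 +979,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -1031,6 +1041,7 @@ func TestGetSchedulerCommand(t *testing.T) {
 cfg: &kubeadmapi.ClusterConfiguration{},
 expected: []string{
 "kube-scheduler",
+"--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",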
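Review bot: None of the visible hunks covers the override path; they only add `"--port=0"` to the expected default argument lists in TestGetControllerManagerCommand, TestGetControllerManagerCommandExternalCA and TestGetSchedulerCommand. The commit message states that a user can still set the flag through extraArgs and thereby re-enable the insecure port, so I would add one table case per component whose configuration sets `port` in extraArgs and whose `expected` slice contains exactly one `--port=` entry carrying the user's value. That pins down that the default is replaced rather than emitted alongside the override, which is the security-relevant behaviour of this change. The test tables start and end outside the hunks, so such a case may already exist where it is not shown.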
