From 113ab741e6d8012814436c4844fc8e5c104131be Mon Sep 17 00:00:00 2001
From: Jake Sanders <jsand@google.com>
Date: Thu, 18 Apr 2019 19:51:37 +0000
Subject: [PATCH] add option to set the value of the apiserver's insecure port

---
 cluster/gce/gci/configure-helper.sh           | 4 ++++
 cluster/gce/manifests/kube-apiserver.manifest | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index c916f1f4f3b..655f493785e 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1593,6 +1593,10 @@ function start-kube-apiserver {
     params+=" --etcd-servers-overrides=${ETCD_SERVERS_OVERRIDES:-}"
   fi
   params+=" --secure-port=443"
+  if [[ "${ENABLE_APISERVER_INSECURE_PORT:-true}" != "true" ]]; then
+    # Default is :8080
+    params+=" --insecure-port=0"
+  fi
   params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}"
   params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}"
   params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
diff --git a/cluster/gce/manifests/kube-apiserver.manifest b/cluster/gce/manifests/kube-apiserver.manifest
index d045c844c47..acbdcee0a55 100644
--- a/cluster/gce/manifests/kube-apiserver.manifest
+++ b/cluster/gce/manifests/kube-apiserver.manifest
@@ -32,8 +32,9 @@
     {{container_env}}
     "livenessProbe": {
       "httpGet": {
+        "scheme": "HTTPS",
         "host": "127.0.0.1",
-        "port": 8080,
+        "port": {{secure_port}},
         "path": "/healthz?exclude=etcd"
       },
       "initialDelaySeconds": {{liveness_probe_initial_delay}},
@@ -41,8 +42,9 @@
     },
     "readinessProbe": {
       "httpGet": {
+        "scheme": "HTTPS",
         "host": "127.0.0.1",
-        "port": 8080,
+        "port": {{secure_port}},
         "path": "/healthz"
       },
       "periodSeconds": 1,