github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-31 13:50:01 +00:00
Code Issues Projects Releases Wiki Activity

when disabled, don't create the API server's insecure port mapping

Browse Source
This commit is contained in:
Jake Sanders
2019-05-08 09:21:09 -07:00
parent 22b6c69983
commit 2576713a40
3 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/gce/gci/apiserver_manifest_test.go
View File

@@ -49,6 +49,7 @@ readonly APISERVER_SERVER_KEY_PATH=/foo/bar
readonly APISERVER_CLIENT_CERT_PATH=/foo/bar readonly APISERVER_CLIENT_CERT_PATH=/foo/bar
readonly CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true}," readonly CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true},"
readonly CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}}," readonly CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}},"
readonly INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
readonly DOCKER_REGISTRY="k8s.gcr.io" readonly DOCKER_REGISTRY="k8s.gcr.io"
readonly ENABLE_LEGACY_ABAC=false readonly ENABLE_LEGACY_ABAC=false
readonly ETC_MANIFESTS=${KUBE_HOME}/etc/kubernetes/manifests readonly ETC_MANIFESTS=${KUBE_HOME}/etc/kubernetes/manifests

8
cluster/gce/gci/configure-helper.sh
View File

@@ -1498,6 +1498,7 @@ function start-etcd-servers {
# DOCKER_REGISTRY # DOCKER_REGISTRY
# FLEXVOLUME_HOSTPATH_MOUNT # FLEXVOLUME_HOSTPATH_MOUNT
# FLEXVOLUME_HOSTPATH_VOLUME # FLEXVOLUME_HOSTPATH_VOLUME
# INSECURE_PORT_MAPPING
function compute-master-manifest-variables { function compute-master-manifest-variables {
CLOUD_CONFIG_OPT="" CLOUD_CONFIG_OPT=""
CLOUD_CONFIG_VOLUME="" CLOUD_CONFIG_VOLUME=""
@@ -1518,6 +1519,11 @@ function compute-master-manifest-variables {
FLEXVOLUME_HOSTPATH_MOUNT="{ \"name\": \"flexvolumedir\", \"mountPath\": \"${VOLUME_PLUGIN_DIR}\", \"readOnly\": true}," FLEXVOLUME_HOSTPATH_MOUNT="{ \"name\": \"flexvolumedir\", \"mountPath\": \"${VOLUME_PLUGIN_DIR}\", \"readOnly\": true},"
FLEXVOLUME_HOSTPATH_VOLUME="{ \"name\": \"flexvolumedir\", \"hostPath\": {\"path\": \"${VOLUME_PLUGIN_DIR}\"}}," FLEXVOLUME_HOSTPATH_VOLUME="{ \"name\": \"flexvolumedir\", \"hostPath\": {\"path\": \"${VOLUME_PLUGIN_DIR}\"}},"
fi fi
INSECURE_PORT_MAPPING=""
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" == "true" ]]; then
INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
fi
} }
# A helper function that bind mounts kubelet dirs for running mount in a chroot # A helper function that bind mounts kubelet dirs for running mount in a chroot
@@ -1542,6 +1548,7 @@ function prepare-mounter-rootfs {
# CLOUD_CONFIG_VOLUME # CLOUD_CONFIG_VOLUME
# CLOUD_CONFIG_MOUNT # CLOUD_CONFIG_MOUNT
# DOCKER_REGISTRY # DOCKER_REGISTRY
# INSECURE_PORT_MAPPING
function start-kube-apiserver { function start-kube-apiserver {
echo "Start kubernetes api-server" echo "Start kubernetes api-server"
prepare-log-file "${KUBE_API_SERVER_LOG_PATH:-/var/log/kube-apiserver.log}" prepare-log-file "${KUBE_API_SERVER_LOG_PATH:-/var/log/kube-apiserver.log}"
@@ -1858,6 +1865,7 @@ function start-kube-apiserver {
sed -i -e "s@{{pillar\['allow_privileged'\]}}@true@g" "${src_file}" sed -i -e "s@{{pillar\['allow_privileged'\]}}@true@g" "${src_file}"
sed -i -e "s@{{liveness_probe_initial_delay}}@${KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC:-15}@g" "${src_file}" sed -i -e "s@{{liveness_probe_initial_delay}}@${KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC:-15}@g" "${src_file}"
sed -i -e "s@{{secure_port}}@443@g" "${src_file}" sed -i -e "s@{{secure_port}}@443@g" "${src_file}"
sed -i -e "s@{{insecure_port_mapping}}@${INSECURE_PORT_MAPPING}@g" "${src_file}"
sed -i -e "s@{{additional_cloud_config_mount}}@@g" "${src_file}" sed -i -e "s@{{additional_cloud_config_mount}}@@g" "${src_file}"
sed -i -e "s@{{additional_cloud_config_volume}}@@g" "${src_file}" sed -i -e "s@{{additional_cloud_config_volume}}@@g" "${src_file}"
sed -i -e "s@{{webhook_authn_config_mount}}@${webhook_authn_config_mount}@g" "${src_file}" sed -i -e "s@{{webhook_authn_config_mount}}@${webhook_authn_config_mount}@g" "${src_file}"

10
cluster/gce/manifests/kube-apiserver.manifest
View File

@@ -53,13 +53,11 @@
"timeoutSeconds": 15 "timeoutSeconds": 15
}, },
"ports":[ "ports":[
{{insecure_port_mapping}}
{ "name": "https", { "name": "https",
"containerPort": {{secure_port}}, "containerPort": {{secure_port}},
"hostPort": {{secure_port}}},{ "hostPort": {{secure_port}}}
"name": "local", ],
"containerPort": 8080,
"hostPort": 8080}
],
"volumeMounts": [ "volumeMounts": [
{{kms_socket_mount}} {{kms_socket_mount}}
{{encryption_provider_mount}} {{encryption_provider_mount}}