Mark --kubelet-https deprecated, unconditionally use https for apiserver->kubelet connections

2025-09-28 13:45:50 +00:00 · 2020-06-01 10:43:26 -04:00
parent 081f97aa2b
commit 2e8461a5bc
4 changed files with 11 additions and 24 deletions
--- a/pkg/kubelet/client/kubelet_client.go
+++ b/pkg/kubelet/client/kubelet_client.go
@@ -41,9 +41,6 @@ type KubeletClientConfig struct {
 	// ReadOnlyPort specifies the Port for ReadOnly communications.
 	ReadOnlyPort uint

-	// EnableHTTPs specifies if traffic should be encrypted.
-	EnableHTTPS bool
-
 	// PreferredAddressTypes - used to select an address from Node.NodeStatus.Addresses
 	PreferredAddressTypes []string

@@ -139,7 +136,7 @@ func (c *KubeletClientConfig) transportConfig() *transport.Config {
 		},
 		BearerToken: c.BearerToken,
 	}
-	if c.EnableHTTPS && !cfg.HasCA() {
+	if !cfg.HasCA() {
 		cfg.TLS.Insecure = true
 	}
 	return cfg
@@ -176,11 +173,6 @@ type NodeConnectionInfoGetter struct {

 // NewNodeConnectionInfoGetter creates a new NodeConnectionInfoGetter.
 func NewNodeConnectionInfoGetter(nodes NodeGetter, config KubeletClientConfig) (ConnectionInfoGetter, error) {
-	scheme := "http"
-	if config.EnableHTTPS {
-		scheme = "https"
-	}
-
 	transport, err := MakeTransport(&config)
 	if err != nil {
 		return nil, err
@@ -197,7 +189,7 @@ func NewNodeConnectionInfoGetter(nodes NodeGetter, config KubeletClientConfig) (

 	return &NodeConnectionInfoGetter{
 		nodes:                          nodes,
-		scheme:                         scheme,
+		scheme:                         "https",
 		defaultPort:                    int(config.Port),
 		transport:                      transport,
 		insecureSkipTLSVerifyTransport: insecureSkipTLSVerifyTransport,
--- a/pkg/kubelet/client/kubelet_client_test.go
+++ b/pkg/kubelet/client/kubelet_client_test.go
@@ -30,7 +30,6 @@ import (

 func TestMakeTransportInvalid(t *testing.T) {
 	config := &KubeletClientConfig{
-		EnableHTTPS: true,
 		//Invalid certificate and key path
 		TLSClientConfig: restclient.TLSClientConfig{
 			CertFile: "../../client/testdata/mycertinvalid.cer",
@@ -50,13 +49,12 @@ func TestMakeTransportInvalid(t *testing.T) {

 func TestMakeTransportValid(t *testing.T) {
 	config := &KubeletClientConfig{
-		Port:        1234,
-		EnableHTTPS: true,
+		Port: 1234,
 		TLSClientConfig: restclient.TLSClientConfig{
 			CertFile: "../../client/testdata/mycertvalid.cer",
-			// TLS Configuration, only applies if EnableHTTPS is true.
+			// TLS Configuration
 			KeyFile: "../../client/testdata/mycertvalid.key",
-			// TLS Configuration, only applies if EnableHTTPS is true.
+			// TLS Configuration
 			CAFile: "../../client/testdata/myCA.cer",
 		},
 	}
@@ -90,13 +88,12 @@ func TestMakeInsecureTransport(t *testing.T) {
 	}

 	config := &KubeletClientConfig{
-		Port:        uint(port),
-		EnableHTTPS: true,
+		Port: uint(port),
 		TLSClientConfig: restclient.TLSClientConfig{
 			CertFile: "../../client/testdata/mycertvalid.cer",
-			// TLS Configuration, only applies if EnableHTTPS is true.
+			// TLS Configuration
 			KeyFile: "../../client/testdata/mycertvalid.key",
-			// TLS Configuration, only applies if EnableHTTPS is true.
+			// TLS Configuration
 			CAFile: "../../client/testdata/myCA.cer",
 		},
 	}