From 3d620192d95dbacf5ad9c18755576b15047a8d10 Mon Sep 17 00:00:00 2001
From: shuaichen
Date: Thu, 28 Oct 2021 03:01:22 +0000
Subject: [PATCH] Use 10250 as targetPort for metrics-server

Metrics-server's usage of privileged port 443 as targetPort requires elevated permissions than necessary and violates principle of least privilege.
---
 cluster/addons/metrics-server/metrics-server-deployment.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cluster/addons/metrics-server/metrics-server-deployment.yaml b/cluster/addons/metrics-server/metrics-server-deployment.yaml
index 9b18fa1a8b9..80c7b63e8f8 100644
--- a/cluster/addons/metrics-server/metrics-server-deployment.yaml
+++ b/cluster/addons/metrics-server/metrics-server-deployment.yaml
@@ -58,9 +58,9 @@ spec:
 - --kubelet-insecure-tls
 - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
 - --cert-dir=/tmp
- - --secure-port=443
+ - --secure-port=10250
 ports:
- - containerPort: 443
+ - containerPort: 10250
 name: https
 protocol: TCP
 readinessProbe:
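Review bot: The new `--secure-port=10250` and `containerPort: 10250` lines only move the listener; nothing in this hunk drops the privilege that binding 443 needed, so the least-privilege gain claimed in the commit message depends on a securityContext (non-root user, no `NET_BIND_SERVICE`) that lies outside the visible lines and should be checked or added in the same change. The patch touches one file, so the Service's `targetPort` and the probes that begin at `readinessProbe:` presumably resolve the port by its name `https`; if any of them still hard-code 443, the metrics API will stop answering after this change. A short comment above the argument would tie the values together, e.g. `# unprivileged port; keep in sync with containerPort and the Service targetPort`. Separately, the context still passes `--kubelet-insecure-tls`, which leaves kubelet serving certificates unverified and is worth tracking as a follow-up.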