From 3d620192d95dbacf5ad9c18755576b15047a8d10 Mon Sep 17 00:00:00 2001
From: shuaichen <shuaichen@google.com>
Date: Thu, 28 Oct 2021 03:01:22 +0000
Subject: [PATCH] Use 10250 as targetPort for metrics-server

Metrics-server's usage of privileged port 443 as targetPort requires
elevated permissions than necessary and violates principle of least
privilege.
---
 cluster/addons/metrics-server/metrics-server-deployment.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cluster/addons/metrics-server/metrics-server-deployment.yaml b/cluster/addons/metrics-server/metrics-server-deployment.yaml
index 9b18fa1a8b9..80c7b63e8f8 100644
--- a/cluster/addons/metrics-server/metrics-server-deployment.yaml
+++ b/cluster/addons/metrics-server/metrics-server-deployment.yaml
@@ -58,9 +58,9 @@ spec:
         - --kubelet-insecure-tls
         - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
         - --cert-dir=/tmp
-        - --secure-port=443
+        - --secure-port=10250
         ports:
-        - containerPort: 443
+        - containerPort: 10250
           name: https
           protocol: TCP
         readinessProbe: