Use 10250 as targetPort for metrics-server

Metrics-server's usage of privileged port 443 as targetPort requires
elevated permissions than necessary and violates principle of least
privilege.
This commit is contained in:
shuaichen 2021-10-28 03:01:22 +00:00
parent 87b0412232
commit 3d620192d9

View File

@ -58,9 +58,9 @@ spec:
- --kubelet-insecure-tls - --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
- --cert-dir=/tmp - --cert-dir=/tmp
- --secure-port=443 - --secure-port=10250
ports: ports:
- containerPort: 443 - containerPort: 10250
name: https name: https
protocol: TCP protocol: TCP
readinessProbe: readinessProbe: