github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Use 10250 as targetPort for metrics-server

Browse Source 
Metrics-server's usage of privileged port 443 as targetPort requires
elevated permissions than necessary and violates principle of least
privilege.
This commit is contained in:
shuaichen 2021-10-28 03:01:22 +00:00
parent 87b0412232
commit 3d620192d9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/addons/metrics-server/metrics-server-deployment.yaml
View File

@ -58,9 +58,9 @@ spec:
- --kubelet-insecure-tls - --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
- --cert-dir=/tmp - --cert-dir=/tmp
- --secure-port=443 - --secure-port=10250
ports: ports:
- containerPort: 443 - containerPort: 10250
name: https name: https
protocol: TCP protocol: TCP
readinessProbe: readinessProbe: