PodSecurity: update webhook manifest to use named port

Jordan Liggitt 2021-11-03 11:36:04 -04:00
parent f6456d098e
commit 9f92fb0d7e
2 changed files with 7 additions and 3 deletions


@ -31,7 +31,11 @@ spec:
image: k8s.gcr.io/sig-auth/pod-security-webhook:v1.23-beta.0 image: k8s.gcr.io/sig-auth/pod-security-webhook:v1.23-beta.0
terminationMessagePolicy: FallbackToLogsOnError terminationMessagePolicy: FallbackToLogsOnError
ports: ports:
- containerPort: 8443 - name: webhook
# A port > 1024 avoids needing low port bind privileges.
# Using the same port as the kubelet is likely to already be permitted in apiserver -> node firewall rules.
# The pod has its own IP and doesn't run with hostNetwork, so there's no port conflict with the kubelet.
containerPort: 10250
args: args:
[ [
"--config", "--config",
@ -41,7 +45,7 @@ spec:
"--tls-private-key-file", "--tls-private-key-file",
"/etc/pki/tls.key", "/etc/pki/tls.key",
"--secure-port", "--secure-port",
"8443", "10250",
] ]
resources: resources:
requests: requests:
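Review bot: The listening port is now written twice in this manifest, as `containerPort: 10250` under the `webhook` port and as the value following `"--secure-port"` in `args`, and nothing ties the two literals together. The named port removes that coupling for the Service only, so I would add a comment next to the argument, for example `# must match the containerPort named "webhook" above`. The new comments justify 10250 by the existing apiserver -> node firewall allowance. It would help to add one more line saying that rules or alerts keyed on port 10250 as kubelet traffic will also match this pod, for example `# Port-only firewall/NetworkPolicy/detection rules for 10250 also match this pod; scope by pod labels or address where it matters.` The container spec starts and ends outside both hunks, so other settings that may depend on the port are not visible here.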


@ -8,7 +8,7 @@ metadata:
spec: spec:
ports: ports:
- port: 443 - port: 443
targetPort: 8443 targetPort: webhook
protocol: TCP protocol: TCP
name: https name: https
selector: selector:
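Review bot: `targetPort: webhook` is resolved by name against each pod the selector matches, so the Service now depends on the Deployment keeping a container port called `webhook`, and that dependency is not documented in this file. If the name is changed on one side only, the Service would presumably have no usable endpoint for port 443 and the API server's calls to the webhook would fail; how that affects admission depends on the webhook configuration's failure policy, which is not visible here. I would add `# "webhook" is the named containerPort in the webhook Deployment; rename both together` above the `targetPort` line.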