Merge pull request #77607 from dekkagaijin/mip
when disabled, don't create the API server's insecure port mapping
commit
a3f8e95f68
@ -49,6 +49,7 @@ readonly APISERVER_SERVER_KEY_PATH=/foo/bar
|
|||||||
readonly APISERVER_CLIENT_CERT_PATH=/foo/bar
|
readonly APISERVER_CLIENT_CERT_PATH=/foo/bar
|
||||||
readonly CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true},"
|
readonly CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true},"
|
||||||
readonly CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}},"
|
readonly CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}},"
|
||||||
|
readonly INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
|
||||||
readonly DOCKER_REGISTRY="k8s.gcr.io"
|
readonly DOCKER_REGISTRY="k8s.gcr.io"
|
||||||
readonly ENABLE_LEGACY_ABAC=false
|
readonly ENABLE_LEGACY_ABAC=false
|
||||||
readonly ETC_MANIFESTS=${KUBE_HOME}/etc/kubernetes/manifests
|
readonly ETC_MANIFESTS=${KUBE_HOME}/etc/kubernetes/manifests
|
||||||
|
@ -1498,6 +1498,7 @@ function start-etcd-servers {
|
|||||||
# DOCKER_REGISTRY
|
# DOCKER_REGISTRY
|
||||||
# FLEXVOLUME_HOSTPATH_MOUNT
|
# FLEXVOLUME_HOSTPATH_MOUNT
|
||||||
# FLEXVOLUME_HOSTPATH_VOLUME
|
# FLEXVOLUME_HOSTPATH_VOLUME
|
||||||
|
# INSECURE_PORT_MAPPING
|
||||||
function compute-master-manifest-variables {
|
function compute-master-manifest-variables {
|
||||||
CLOUD_CONFIG_OPT=""
|
CLOUD_CONFIG_OPT=""
|
||||||
CLOUD_CONFIG_VOLUME=""
|
CLOUD_CONFIG_VOLUME=""
|
||||||
@ -1518,6 +1519,11 @@ function compute-master-manifest-variables {
|
|||||||
FLEXVOLUME_HOSTPATH_MOUNT="{ \"name\": \"flexvolumedir\", \"mountPath\": \"${VOLUME_PLUGIN_DIR}\", \"readOnly\": true},"
|
FLEXVOLUME_HOSTPATH_MOUNT="{ \"name\": \"flexvolumedir\", \"mountPath\": \"${VOLUME_PLUGIN_DIR}\", \"readOnly\": true},"
|
||||||
FLEXVOLUME_HOSTPATH_VOLUME="{ \"name\": \"flexvolumedir\", \"hostPath\": {\"path\": \"${VOLUME_PLUGIN_DIR}\"}},"
|
FLEXVOLUME_HOSTPATH_VOLUME="{ \"name\": \"flexvolumedir\", \"hostPath\": {\"path\": \"${VOLUME_PLUGIN_DIR}\"}},"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
INSECURE_PORT_MAPPING=""
|
||||||
|
if [[ "${ENABLE_APISERVER_INSECURE_PORT:-false}" == "true" ]]; then
|
||||||
|
INSECURE_PORT_MAPPING="{ \"name\": \"local\", \"containerPort\": 8080, \"hostPort\": 8080},"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# A helper function that bind mounts kubelet dirs for running mount in a chroot
|
# A helper function that bind mounts kubelet dirs for running mount in a chroot
|
||||||
@ -1542,6 +1548,7 @@ function prepare-mounter-rootfs {
|
|||||||
# CLOUD_CONFIG_VOLUME
|
# CLOUD_CONFIG_VOLUME
|
||||||
# CLOUD_CONFIG_MOUNT
|
# CLOUD_CONFIG_MOUNT
|
||||||
# DOCKER_REGISTRY
|
# DOCKER_REGISTRY
|
||||||
|
# INSECURE_PORT_MAPPING
|
||||||
function start-kube-apiserver {
|
function start-kube-apiserver {
|
||||||
echo "Start kubernetes api-server"
|
echo "Start kubernetes api-server"
|
||||||
prepare-log-file "${KUBE_API_SERVER_LOG_PATH:-/var/log/kube-apiserver.log}"
|
prepare-log-file "${KUBE_API_SERVER_LOG_PATH:-/var/log/kube-apiserver.log}"
|
||||||
@ -1858,6 +1865,7 @@ function start-kube-apiserver {
|
|||||||
sed -i -e "s@{{pillar\['allow_privileged'\]}}@true@g" "${src_file}"
|
sed -i -e "s@{{pillar\['allow_privileged'\]}}@true@g" "${src_file}"
|
||||||
sed -i -e "s@{{liveness_probe_initial_delay}}@${KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC:-15}@g" "${src_file}"
|
sed -i -e "s@{{liveness_probe_initial_delay}}@${KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC:-15}@g" "${src_file}"
|
||||||
sed -i -e "s@{{secure_port}}@443@g" "${src_file}"
|
sed -i -e "s@{{secure_port}}@443@g" "${src_file}"
|
||||||
|
sed -i -e "s@{{insecure_port_mapping}}@${INSECURE_PORT_MAPPING}@g" "${src_file}"
|
||||||
sed -i -e "s@{{additional_cloud_config_mount}}@@g" "${src_file}"
|
sed -i -e "s@{{additional_cloud_config_mount}}@@g" "${src_file}"
|
||||||
sed -i -e "s@{{additional_cloud_config_volume}}@@g" "${src_file}"
|
sed -i -e "s@{{additional_cloud_config_volume}}@@g" "${src_file}"
|
||||||
sed -i -e "s@{{webhook_authn_config_mount}}@${webhook_authn_config_mount}@g" "${src_file}"
|
sed -i -e "s@{{webhook_authn_config_mount}}@${webhook_authn_config_mount}@g" "${src_file}"
|
||||||
|
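Review bot: Gating `INSECURE_PORT_MAPPING` on `ENABLE_APISERVER_INSECURE_PORT` in compute-master-manifest-variables removes only the 8080 entry from the pod's `ports` array. Whether kube-apiserver still opens the unauthenticated listener is decided by its `--insecure-port` argument, which is assembled outside the lines shown here. It is worth confirming that the same variable drives that flag, so that a disabled setting cannot leave the listener up with only the mapping gone. The strict `== "true"` comparison fails closed for any other value, which is the right default; a comment above the `if` such as `# Only the literal value "true" enables the insecure 8080 mapping; anything else omits it.` would make that explicit. start-kube-apiserver's body continues outside the hunk.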
@ -53,12 +53,10 @@
|
|||||||
"timeoutSeconds": 15
|
"timeoutSeconds": 15
|
||||||
},
|
},
|
||||||
"ports":[
|
"ports":[
|
||||||
|
{{insecure_port_mapping}}
|
||||||
{ "name": "https",
|
{ "name": "https",
|
||||||
"containerPort": {{secure_port}},
|
"containerPort": {{secure_port}},
|
||||||
"hostPort": {{secure_port}}},{
|
"hostPort": {{secure_port}}}
|
||||||
"name": "local",
|
|
||||||
"containerPort": 8080,
|
|
||||||
"hostPort": 8080}
|
|
||||||
],
|
],
|
||||||
"volumeMounts": [
|
"volumeMounts": [
|
||||||
{{kms_socket_mount}}
|
{{kms_socket_mount}}
|
||||||
|
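Review bot: `{{insecure_port_mapping}}` is a bare token inside the `ports` array, so the manifest parses only after it is replaced, and only by a value that is empty or ends with a comma ahead of the `https` entry. Any other script that renders this template without the new `sed` substitution would presumably hand the kubelet an invalid manifest, so every consumer of the file should be checked. The coupling could be documented where the value is built, for example `# Must be empty or end with a trailing comma: spliced ahead of the https entry in the ports array.`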