From c2f8ef1b1a4e0e60379b7b7447d59a87b0b0ccf9 Mon Sep 17 00:00:00 2001 From: deads2k Date: Thu, 9 Mar 2017 13:51:59 -0500 Subject: [PATCH] move insecure options to kubeapiserver --- cmd/kube-apiserver/app/BUILD | 1 + cmd/kube-apiserver/app/options/options.go | 4 +- cmd/kube-apiserver/app/server.go | 7 +- federation/cmd/federation-apiserver/app/BUILD | 1 + .../app/options/options.go | 4 +- .../cmd/federation-apiserver/app/server.go | 6 +- pkg/kubeapiserver/options/BUILD | 2 + pkg/kubeapiserver/options/serving.go | 103 +++++++++++++++++- .../pkg/server/options/server_run_options.go | 32 ++---- .../apiserver/pkg/server/options/serving.go | 102 ++++------------- .../pkg/server/options/serving_test.go | 6 +- .../kube-aggregator/pkg/cmd/server/start.go | 1 - 12 files changed, 151 insertions(+), 118 deletions(-) diff --git a/cmd/kube-apiserver/app/BUILD b/cmd/kube-apiserver/app/BUILD index f75647da734..d1dfbcad7d1 100644 --- a/cmd/kube-apiserver/app/BUILD +++ b/cmd/kube-apiserver/app/BUILD @@ -32,6 +32,7 @@ go_library( "//pkg/kubeapiserver:go_default_library", "//pkg/kubeapiserver/admission:go_default_library", "//pkg/kubeapiserver/authenticator:go_default_library", + "//pkg/kubeapiserver/options:go_default_library", "//pkg/master:go_default_library", "//pkg/master/thirdparty:go_default_library", "//pkg/master/tunneler:go_default_library", diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 57ee8b3cfbb..e8c71639466 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go 
@@ -44,7 +44,7 @@ type ServerRunOptions struct { GenericServerRunOptions *genericoptions.ServerRunOptions Etcd *genericoptions.EtcdOptions SecureServing *genericoptions.SecureServingOptions - InsecureServing *genericoptions.ServingOptions + InsecureServing *kubeoptions.InsecureServingOptions Audit *genericoptions.AuditLogOptions Features *genericoptions.FeatureOptions Authentication *kubeoptions.BuiltInAuthenticationOptions @@ -74,7 +74,7 @@ func NewServerRunOptions() *ServerRunOptions { GenericServerRunOptions: genericoptions.NewServerRunOptions(), Etcd: genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, api.Scheme, nil)), SecureServing: kubeoptions.NewSecureServingOptions(), - InsecureServing: genericoptions.NewInsecureServingOptions(), + InsecureServing: kubeoptions.NewInsecureServingOptions(), Audit: genericoptions.NewAuditLogOptions(), Features: genericoptions.NewFeatureOptions(), Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(), diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 43879a345ec..609bfbcaf7d 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -66,6 +66,7 @@ import ( "k8s.io/kubernetes/pkg/kubeapiserver" kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission" kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator" + kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" "k8s.io/kubernetes/pkg/master" "k8s.io/kubernetes/pkg/master/tunneler" "k8s.io/kubernetes/pkg/registry/cachesize" 
@@ -441,7 +442,11 @@ func BuildStorageFactory(s *options.ServerRunOptions) (*serverstorage.DefaultSto } func defaultOptions(s *options.ServerRunOptions) error { - if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing, s.InsecureServing); err != nil { + // set defaults + if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing); err != nil { + return err + } + if err := kubeoptions.DefaultAdvertiseAddress(s.GenericServerRunOptions, s.InsecureServing); err != nil { return err } _, apiServerServiceIP, err := master.DefaultServiceIPRange(s.ServiceClusterIPRange) diff --git a/federation/cmd/federation-apiserver/app/BUILD b/federation/cmd/federation-apiserver/app/BUILD index 27d578a0206..b5cf9574af5 100644 --- a/federation/cmd/federation-apiserver/app/BUILD +++ b/federation/cmd/federation-apiserver/app/BUILD @@ -41,6 +41,7 @@ go_library( "//pkg/generated/openapi:go_default_library", "//pkg/kubeapiserver:go_default_library", "//pkg/kubeapiserver/admission:go_default_library", + "//pkg/kubeapiserver/options:go_default_library", "//pkg/registry/autoscaling/horizontalpodautoscaler/storage:go_default_library", "//pkg/registry/batch/job/storage:go_default_library", "//pkg/registry/cachesize:go_default_library", diff --git a/federation/cmd/federation-apiserver/app/options/options.go b/federation/cmd/federation-apiserver/app/options/options.go index 3db6b050318..180e1b67b4d 100644 --- a/federation/cmd/federation-apiserver/app/options/options.go +++ b/federation/cmd/federation-apiserver/app/options/options.go @@ -36,7 +36,7 @@ type ServerRunOptions struct { GenericServerRunOptions *genericoptions.ServerRunOptions Etcd *genericoptions.EtcdOptions SecureServing *genericoptions.SecureServingOptions - InsecureServing *genericoptions.ServingOptions + InsecureServing *kubeoptions.InsecureServingOptions Audit *genericoptions.AuditLogOptions Features *genericoptions.FeatureOptions Authentication *kubeoptions.BuiltInAuthenticationOptions 
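Review bot: In `defaultOptions` the precedence between the two listeners is now expressed only by the order of the two `DefaultAdvertiseAddress` calls, and the `// set defaults` comment does not say so. The secure options are consulted first and `kubeoptions.DefaultAdvertiseAddress` only fills the field when it is still unset, so swapping the calls would derive the advertised address from the insecure bind address instead. I would replace the comment with `// Order matters: derive AdvertiseAddress from the secure options first; the insecure options are only a fallback when it is still unset.` The same pair of calls is added to `NonBlockingRun` in federation/cmd/federation-apiserver/app/server.go and deserves the same comment. The body of `defaultOptions` continues outside the hunk.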
@@ -54,7 +54,7 @@ func NewServerRunOptions() *ServerRunOptions { GenericServerRunOptions: genericoptions.NewServerRunOptions(), Etcd: genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, api.Scheme, nil)), SecureServing: kubeoptions.NewSecureServingOptions(), - InsecureServing: genericoptions.NewInsecureServingOptions(), + InsecureServing: kubeoptions.NewInsecureServingOptions(), Audit: genericoptions.NewAuditLogOptions(), Features: genericoptions.NewFeatureOptions(), Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(), diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index ac1e75df35d..f1cb004c7d1 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -45,6 +45,7 @@ import ( "k8s.io/kubernetes/pkg/generated/openapi" "k8s.io/kubernetes/pkg/kubeapiserver" kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission" + kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" "k8s.io/kubernetes/pkg/registry/cachesize" "k8s.io/kubernetes/pkg/routes" "k8s.io/kubernetes/pkg/version" @@ -81,7 +82,10 @@ func Run(s *options.ServerRunOptions, stopCh <-chan struct{}) error { // stop with the given channel. func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { // set defaults - if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing, s.InsecureServing); err != nil { + if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing); err != nil { + return err + } + if err := kubeoptions.DefaultAdvertiseAddress(s.GenericServerRunOptions, s.InsecureServing); err != nil { return err } if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String(), nil, nil); err != nil { 
diff --git a/pkg/kubeapiserver/options/BUILD b/pkg/kubeapiserver/options/BUILD index 71ba4caa865..011ae259c3c 100644 --- a/pkg/kubeapiserver/options/BUILD +++ b/pkg/kubeapiserver/options/BUILD @@ -28,8 +28,10 @@ go_library( "//pkg/kubeapiserver/authorizer:go_default_library", "//pkg/kubeapiserver/authorizer/modes:go_default_library", "//vendor:github.com/golang/glog", + "//vendor:github.com/pborman/uuid", "//vendor:github.com/spf13/pflag", "//vendor:k8s.io/apimachinery/pkg/runtime/schema", + "//vendor:k8s.io/apimachinery/pkg/util/net", "//vendor:k8s.io/apiserver/pkg/server", "//vendor:k8s.io/apiserver/pkg/server/options", "//vendor:k8s.io/apiserver/pkg/util/flag", diff --git a/pkg/kubeapiserver/options/serving.go b/pkg/kubeapiserver/options/serving.go index a7007d37d04..4b6e2b7d102 100644 --- a/pkg/kubeapiserver/options/serving.go +++ b/pkg/kubeapiserver/options/serving.go @@ -18,8 +18,15 @@ limitations under the License. package options import ( + "fmt" "net" + "strconv" + "github.com/pborman/uuid" + "github.com/spf13/pflag" + + utilnet "k8s.io/apimachinery/pkg/util/net" + "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" ) 
@@ -27,13 +34,101 @@ import ( // "normal" API servers running on the platform func NewSecureServingOptions() *genericoptions.SecureServingOptions { return &genericoptions.SecureServingOptions{ - ServingOptions: genericoptions.ServingOptions{ - BindAddress: net.ParseIP("0.0.0.0"), - BindPort: 6443, - }, + BindAddress: net.ParseIP("0.0.0.0"), + BindPort: 6443, ServerCert: genericoptions.GeneratableKeyCert{ PairName: "apiserver", CertDirectory: "/var/run/kubernetes", }, } } + +// DefaultAdvertiseAddress sets the field AdvertiseAddress if +// unset. The field will be set based on the SecureServingOptions. If +// the SecureServingOptions is not present, DefaultExternalAddress +// will fall back to the insecure ServingOptions. +func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error { + if insecure == nil { + return nil + } + + if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() { + hostIP, err := insecure.DefaultExternalAddress() + if err != nil { + return fmt.Errorf("Unable to find suitable network address.error='%v'. "+ + "Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this.", err) + } + s.AdvertiseAddress = hostIP + } + + return nil +} + +// InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. +// No one should be using these anymore. +type InsecureServingOptions struct { + BindAddress net.IP + BindPort int +} + +// NewInsecureServingOptions is for creating an unauthenticated, unauthorized, insecure port. +// No one should be using these anymore. +func NewInsecureServingOptions() *InsecureServingOptions { + return &InsecureServingOptions{ + BindAddress: net.ParseIP("127.0.0.1"), + BindPort: 8080, + } +} + +func (s InsecureServingOptions) Validate(portArg string) []error { + errors := []error{} + + if s.BindPort < 0 || s.BindPort > 65535 { + errors = append(errors, fmt.Errorf("--insecure-port %v must be between 0 and 65535, inclusive. 
0 for turning off secure port.", s.BindPort)) + } + + return errors +} + +func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error) { + return utilnet.ChooseBindAddress(s.BindAddress) +} + +func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet) { + fs.IPVar(&s.BindAddress, "insecure-bind-address", s.BindAddress, ""+ + "The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). "+ + "Defaults to localhost.") + + fs.IntVar(&s.BindPort, "insecure-port", s.BindPort, ""+ + "The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed "+ + "that firewall rules are set up such that this port is not reachable from outside of "+ + "the cluster and that port 443 on the cluster's public address is proxied to this "+ + "port. This is performed by nginx in the default setup.") +} + +func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) { + fs.IPVar(&s.BindAddress, "address", s.BindAddress, + "DEPRECATED: see --insecure-bind-address instead.") + fs.MarkDeprecated("address", "see --insecure-bind-address instead.") + + fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: see --insecure-port instead.") + fs.MarkDeprecated("port", "see --insecure-port instead.") +} + +func (s *InsecureServingOptions) ApplyTo(c *server.Config) error { + if s.BindPort <= 0 { + return nil + } + + c.InsecureServingInfo = &server.ServingInfo{ + BindAddress: net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort)), + } + + var err error + privilegedLoopbackToken := uuid.NewRandom().String() + if c.LoopbackClientConfig, err = c.InsecureServingInfo.NewLoopbackClientConfig(privilegedLoopbackToken); err != nil { + return err + } + + return nil +} diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go b/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go index 4d51ae072a2..81ce92b8a47 100644 
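Review bot: `InsecureServingOptions.Validate` rejects a bad `--insecure-port` with the text "0 for turning off secure port", which names the wrong listener, and its `portArg` parameter is unused now that the flag name is hard-coded. The message should read `"--insecure-port %v must be between 0 and 65535, inclusive. 0 for turning off insecure port."`, and `portArg` should either be removed together with its call sites or put back into the format string. The doc comment on the new package-level `DefaultAdvertiseAddress` is also stale: it still describes a secure-first lookup with a fallback, while this function only consults `insecure`. `// DefaultAdvertiseAddress sets AdvertiseAddress from the insecure bind address if the field is still unset; a nil insecure leaves it untouched.` would match the code.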
--- a/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go @@ -71,29 +71,19 @@ func (s *ServerRunOptions) ApplyTo(c *server.Config) error { return nil } -// DefaultAdvertiseAddress sets the field AdvertiseAddress if -// unset. The field will be set based on the SecureServingOptions. If -// the SecureServingOptions is not present, DefaultExternalAddress -// will fall back to the insecure ServingOptions. -func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions, insecure *ServingOptions) error { - if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() { - switch { - case secure != nil: - hostIP, err := secure.ServingOptions.DefaultExternalAddress() - if err != nil { - return fmt.Errorf("Unable to find suitable network address.error='%v'. "+ - "Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this.", err) - } - s.AdvertiseAddress = hostIP +// DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. +func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error { + if secure == nil { + return nil + } - case insecure != nil: - hostIP, err := insecure.DefaultExternalAddress() - if err != nil { - return fmt.Errorf("Unable to find suitable network address.error='%v'. "+ - "Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this.", err) - } - s.AdvertiseAddress = hostIP + if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() { + hostIP, err := secure.DefaultExternalAddress() + if err != nil { + return fmt.Errorf("Unable to find suitable network address.error='%v'. "+ + "Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this.", err) } + s.AdvertiseAddress = hostIP } return nil 
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go index c122d1e10d2..103a99c47a4 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go @@ -35,13 +35,9 @@ import ( certutil "k8s.io/client-go/util/cert" ) -type ServingOptions struct { +type SecureServingOptions struct { BindAddress net.IP BindPort int -} - -type SecureServingOptions struct { - ServingOptions ServingOptions // ServerCert is the TLS cert info for serving secure traffic ServerCert GeneratableKeyCert @@ -71,10 +67,8 @@ type GeneratableKeyCert struct { func NewSecureServingOptions() *SecureServingOptions { return &SecureServingOptions{ - ServingOptions: ServingOptions{ - BindAddress: net.ParseIP("0.0.0.0"), - BindPort: 443, - }, + BindAddress: net.ParseIP("0.0.0.0"), + BindPort: 443, ServerCert: GeneratableKeyCert{ PairName: "apiserver", CertDirectory: "apiserver.local.config/certificates", 
@@ -82,23 +76,27 @@ func NewSecureServingOptions() *SecureServingOptions { } } +func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) { + return utilnet.ChooseBindAddress(s.BindAddress) +} + func (s *SecureServingOptions) Validate() []error { errors := []error{} - if s == nil { - return errors + + if s.BindPort < 0 || s.BindPort > 65535 { + errors = append(errors, fmt.Errorf("--secure-port %v must be between 0 and 65535, inclusive. 0 for turning off secure port.", s.BindPort)) } - errors = append(errors, s.ServingOptions.Validate("secure-port")...) return errors } func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) { - fs.IPVar(&s.ServingOptions.BindAddress, "bind-address", s.ServingOptions.BindAddress, ""+ + fs.IPVar(&s.BindAddress, "bind-address", s.BindAddress, ""+ "The IP address on which to listen for the --secure-port port. The "+ "associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+ "clients. If blank, all interfaces will be used (0.0.0.0).") - fs.IntVar(&s.ServingOptions.BindPort, "secure-port", s.ServingOptions.BindPort, ""+ + fs.IntVar(&s.BindPort, "secure-port", s.BindPort, ""+ "The port on which to serve HTTPS with authentication and authorization. If 0, "+ "don't serve HTTPS at all.") @@ -131,13 +129,13 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) { } func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) { - fs.IPVar(&s.ServingOptions.BindAddress, "public-address-override", s.ServingOptions.BindAddress, + fs.IPVar(&s.BindAddress, "public-address-override", s.BindAddress, "DEPRECATED: see --bind-address instead.") fs.MarkDeprecated("public-address-override", "see --bind-address instead.") } func (s *SecureServingOptions) ApplyTo(c *server.Config) error { - if s.ServingOptions.BindPort <= 0 { + if s.BindPort <= 0 { return nil } if err := s.applyServingInfoTo(c); err != nil { 
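Review bot: `SecureServingOptions.Validate` loses its `if s == nil { return errors }` guard in the first hunk here, so the new `s.BindPort` read panics when the method is called on a nil `*SecureServingOptions`. The same commit still treats a nil secure option as a valid state (`ServerRunOptions.DefaultAdvertiseAddress` returns early on `secure == nil`), so a caller may reach `Validate` with a nil pointer; whether any does is not visible from the patch. I would keep the guard as the first statement after `errors := []error{}`: `if s == nil { return errors }`.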
@@ -173,13 +171,13 @@ func (s *SecureServingOptions) ApplyTo(c *server.Config) error { } func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error { - if s.ServingOptions.BindPort <= 0 { + if s.BindPort <= 0 { return nil } secureServingInfo := &server.SecureServingInfo{ ServingInfo: server.ServingInfo{ - BindAddress: net.JoinHostPort(s.ServingOptions.BindAddress.String(), strconv.Itoa(s.ServingOptions.BindPort)), + BindAddress: net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort)), }, } 
@@ -231,67 +229,7 @@ func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error { } c.SecureServingInfo = secureServingInfo - c.ReadWritePort = s.ServingOptions.BindPort - - return nil -} - -func NewInsecureServingOptions() *ServingOptions { - return &ServingOptions{ - BindAddress: net.ParseIP("127.0.0.1"), - BindPort: 8080, - } -} - -func (s ServingOptions) Validate(portArg string) []error { - errors := []error{} - - if s.BindPort < 0 || s.BindPort > 65535 { - errors = append(errors, fmt.Errorf("--%v %v must be between 0 and 65535, inclusive. 0 for turning off secure port.", portArg, s.BindPort)) - } - - return errors -} - -func (s *ServingOptions) DefaultExternalAddress() (net.IP, error) { - return utilnet.ChooseBindAddress(s.BindAddress) -} - -func (s *ServingOptions) AddFlags(fs *pflag.FlagSet) { - fs.IPVar(&s.BindAddress, "insecure-bind-address", s.BindAddress, ""+ - "The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). "+ - "Defaults to localhost.") - - fs.IntVar(&s.BindPort, "insecure-port", s.BindPort, ""+ - "The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed "+ - "that firewall rules are set up such that this port is not reachable from outside of "+ - "the cluster and that port 443 on the cluster's public address is proxied to this "+ - "port. 
This is performed by nginx in the default setup.") -} - -func (s *ServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) { - fs.IPVar(&s.BindAddress, "address", s.BindAddress, - "DEPRECATED: see --insecure-bind-address instead.") - fs.MarkDeprecated("address", "see --insecure-bind-address instead.") - - fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: see --insecure-port instead.") - fs.MarkDeprecated("port", "see --insecure-port instead.") -} - -func (s *ServingOptions) ApplyTo(c *server.Config) error { - if s.BindPort <= 0 { - return nil - } - - c.InsecureServingInfo = &server.ServingInfo{ - BindAddress: net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort)), - } - - var err error - privilegedLoopbackToken := uuid.NewRandom().String() - if c.LoopbackClientConfig, err = c.InsecureServingInfo.NewLoopbackClientConfig(privilegedLoopbackToken); err != nil { - return err - } + c.ReadWritePort = s.BindPort return nil } @@ -301,7 +239,7 @@ func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress str return nil } keyCert := &s.ServerCert.CertKey - if s.ServingOptions.BindPort == 0 || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { + if s.BindPort == 0 || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { return nil } @@ -314,11 +252,11 @@ func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress str } if !canReadCertAndKey { // add either the bind address or localhost to the valid alternates - bindIP := s.ServingOptions.BindAddress.String() + bindIP := s.BindAddress.String() if bindIP == "0.0.0.0" { alternateDNS = append(alternateDNS, "localhost") } else { - alternateIPs = append(alternateIPs, s.ServingOptions.BindAddress) + alternateIPs = append(alternateIPs, s.BindAddress) } if cert, key, err := certutil.GenerateSelfSignedCertKey(publicAddress, alternateIPs, alternateDNS); err != nil { 
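Review bot: In `MaybeDefaultWithSelfSignedCerts` (the last hunk of this file) the wildcard test is still the string comparison `bindIP == "0.0.0.0"`, so an IPv6 wildcard bind (`::`) or an unset `BindAddress` takes the `else` branch and is appended to `alternateIPs` for the self-signed certificate. Now that `BindAddress` is a direct `net.IP` field, the check can be `if s.BindAddress == nil || s.BindAddress.IsUnspecified() {`, which matches the `IsUnspecified()` test this commit already uses for `AdvertiseAddress`. The function starts and ends outside the hunk, so the surrounding certificate-generation logic should be checked before changing which SANs are emitted.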
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving_test.go index a13c618edcd..d746a5c7304 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving_test.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving_test.go @@ -459,10 +459,8 @@ NextTest: config.EnableIndex = true secureOptions := &SecureServingOptions{ - ServingOptions: ServingOptions{ - BindAddress: net.ParseIP("127.0.0.1"), - BindPort: 6443, - }, + BindAddress: net.ParseIP("127.0.0.1"), + BindPort: 6443, ServerCert: GeneratableKeyCert{ CertKey: CertKey{ CertFile: serverCertBundleFile, diff --git a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go index 388045c06fd..98a63dd0b10 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go @@ -96,7 +96,6 @@ func NewDefaultOptions(out, err io.Writer) *AggregatorOptions { StdOut: out, StdErr: err, } - o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443 return o }