diff --git a/cmd/cloud-controller-manager/app/options/options.go b/cmd/cloud-controller-manager/app/options/options.go
index e6081b0ea26..f3f602424e9 100644
--- a/cmd/cloud-controller-manager/app/options/options.go
+++ b/cmd/cloud-controller-manager/app/options/options.go
@@ -102,10 +102,7 @@ func NewCloudControllerManagerOptions() (*CloudControllerManagerOptions, error)
 s.SecureServing.ServerCert.CertDirectory = "/var/run/kubernetes"
 s.SecureServing.ServerCert.PairName = "cloud-controller-manager"
-
- // disable secure serving for now
- // TODO: enable HTTPS by default
- s.SecureServing.BindPort = 0
+ s.SecureServing.BindPort = ports.CloudControllerManagerPort
 return &s, nil
 }
@@ -263,6 +260,10 @@ func (o *CloudControllerManagerOptions) Config() (*cloudcontrollerconfig.Config,
 return nil, err
 }
+ if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
+ return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
+ }
+
 c := &cloudcontrollerconfig.Config{}
 if err := o.ApplyTo(c, CloudControllerManagerUserAgent); err != nil {
 return nil, err
diff --git a/pkg/master/ports/ports.go b/pkg/master/ports/ports.go
index 9fee96fcbe4..19207a1012b 100644
--- a/pkg/master/ports/ports.go
+++ b/pkg/master/ports/ports.go
@@ -32,6 +32,7 @@ const (
 InsecureKubeControllerManagerPort = 10252
 // InsecureCloudControllerManagerPort is the default port for the cloud controller manager server.
 // This value may be overridden by a flag at startup.
+ // Deprecated: use the secure CloudControllerManagerPort instead.
 InsecureCloudControllerManagerPort = 10253
 // KubeletReadOnlyPort exposes basic read-only services from the kubelet.
 // May be overridden by a flag at startup.
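Review bot: Defaulting `s.SecureServing.BindPort` to `ports.CloudControllerManagerPort` in NewCloudControllerManagerOptions opens a new listener by default, and nothing in this diff shows who is allowed to call it: TLS protects the transport only, so authentication and authorization for the served endpoints have to be wired up elsewhere (not visible here). The insecure port is only marked deprecated in ports.go, so presumably both listeners are up after an upgrade unless the operator turns one off. I would replace the removed TODO with a comment that states the new default and the opt-out, e.g. `// Serve HTTPS on ports.CloudControllerManagerPort by default; --secure-port=0 disables it.`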
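Review bot: The self-signed fallback added in Config() is issued for `localhost` and `127.0.0.1` only, so a client that reaches the port on a node or pod address (metrics scraper, health probe) cannot verify the certificate and will tend to be configured to skip verification. Going by the `Maybe` prefix the call does nothing when a serving certificate is supplied, so the call deserves a comment saying the generated pair is a fallback and that deployments should pass `--tls-cert-file` and `--tls-private-key-file`, for example `// Fallback only: generates a localhost/127.0.0.1 self-signed pair when no serving certificate is configured.` Since `CertDirectory` is set to `/var/run/kubernetes` in the first hunk, the generated key presumably lands on disk there, which is worth mentioning for file permissions. Config() begins and ends outside the hunk.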
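Review bot: The `// Deprecated:` line added to InsecureCloudControllerManagerPort in ports.go follows the previous comment line directly, and Go tooling recognises a deprecation notice only when it starts its own paragraph of the doc comment. Put an empty `//` line before it so godoc and linters such as staticcheck actually flag remaining uses of the insecure port. The const block starts and ends outside the hunk.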
@@ -45,4 +46,7 @@ const (
 // KubeControllerManagerPort is the default port for the controller manager status server.
 // May be overridden by a flag at startup.
 KubeControllerManagerPort = 10257
+ // CloudControllerManagerPort is the default port for the cloud controller manager server.
+ // This value may be overridden by a flag at startup.
+ CloudControllerManagerPort = 10258
 )
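Review bot: The doc comment on `CloudControllerManagerPort` is a copy of the one on the insecure port and never says this is the TLS listener, which is the one fact an operator writing firewall rules or probe configuration needs to tell 10253 and 10258 apart. Suggested first line: `// CloudControllerManagerPort is the default port for the cloud controller manager's secure (HTTPS) server.` The const block begins outside the hunk.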