From f66513d98a7759ece08b67e0c173f30a96b5591e Mon Sep 17 00:00:00 2001 From: "Lubomir I. Ivanov" Date: Wed, 1 Jul 2020 22:17:46 +0300 Subject: [PATCH] kubeadm: add --port=0 for kube-controller-manager and kube-scheduler Kubeadm setup of kube-controller-manager and kube-scheduler is lacking the --port=0 option which caused the component to enable the insecure port by default and serve insecurely on the default node interface. Add --port=0 by default to both components. Users are still allowed the explicitly set the flag (via extraArgs), which allows them to override this default kubeadm behavior and enable the insecure port. NOTE: the flag is deprecated and should be removed from kubeadm manifests once it's removed from core.
---
 cmd/kubeadm/app/phases/controlplane/manifests.go | 2 ++
 cmd/kubeadm/app/phases/controlplane/manifests_test.go | 11 +++++++++++
 2 files changed, 13 insertions(+)
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests.go b/cmd/kubeadm/app/phases/controlplane/manifests.go
index 55dd08ae450..5091c364aeb 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@@ -322,6 +322,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string caFile := filepath.Join(cfg.CertificatesDir, kubeadmconstants.CACertName) defaultArguments := map[string]string{ + "port": "0", "bind-address": "127.0.0.1", "leader-elect": "true", "kubeconfig": kubeconfigFile,
@@ -392,6 +393,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.ClusterConfiguration) []string
 func getSchedulerCommand(cfg *kubeadmapi.ClusterConfiguration) []string {
 kubeconfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName)
 defaultArguments := map[string]string{
+ "port": "0",
 "bind-address": "127.0.0.1",
 "leader-elect": "true",
 "kubeconfig": kubeconfigFile,
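Review bot: The new `"port": "0"` entry in `defaultArguments` of getControllerManagerCommand, and the identical entry in getSchedulerCommand, has no comment, although the commit message says the flag is deprecated and must be dropped from the kubeadm manifests once core removes it. I would put `// Disable the insecure serving port. TODO: drop once the deprecated --port flag is removed from the component.` above each entry so the follow-up is tracked in the code rather than only in the commit log. Because extraArgs may still override this default, a user-supplied non-zero value re-enables insecure serving without any signal; the merge with the user's arguments presumably happens later in each function, outside the hunk, and a warning there would be worth considering. Both function bodies continue beyond the visible hunks.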
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
index d7592bec07c..6baf680414c 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@@ -588,6 +588,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -612,6 +613,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -636,6 +638,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -665,6 +668,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -696,6 +700,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -726,6 +731,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
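Review bot: None of the visible test hunks exercises the override path that the commit message promises; every change in TestGetControllerManagerCommand, TestGetControllerManagerCommandExternalCA and TestGetSchedulerCommand only pins the new `--port=0` default. I would add one table case per component whose `ExtraArgs` sets `port` and assert that the resulting command carries exactly one `--port=` argument with the user's value, so a regression cannot emit both the default and the override. If such a case already exists outside these hunks, its expectation should be re-checked against the new default. The test function bodies start and end outside the hunks.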
@@ -758,6 +764,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -792,6 +799,7 @@ func TestGetControllerManagerCommand(t *testing.T) {
 },
 expected: []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -941,6 +949,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -970,6 +979,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 expectedArgFunc: func(tmpdir string) []string {
 return []string{
 "kube-controller-manager",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
@@ -1031,6 +1041,7 @@ func TestGetSchedulerCommand(t *testing.T) {
 cfg: &kubeadmapi.ClusterConfiguration{},
 expected: []string{
 "kube-scheduler",
+ "--port=0",
 "--bind-address=127.0.0.1",
 "--leader-elect=true",
 "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",