Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use secure port for scheduler and controller-manager liveness probe #1327

Closed
joshrosso opened this issue Dec 18, 2018 · 6 comments · Fixed by kubernetes/kubernetes#85043
Closed

Use secure port for scheduler and controller-manager liveness probe #1327

joshrosso opened this issue Dec 18, 2018 · 6 comments · Fixed by kubernetes/kubernetes#85043
Assignees
@neolit123
Labels
area/security kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@joshrosso
Copy link

Feature request:

Since 1.13, kube-controller-manager and kube-scheduler expose secure ports and marked insecure ports as deprecated.

scheduler: kubernetes/kubernetes#69663

change: 1.13
enable secure port: 10259
deprecate old port: 10251

controller-manager: kubernetes/kubernetes#67069

change: 1.12
enable secure port: 10257
deprecate old port: 10252

We should use the secure ports as the default the livenessProbes going forward. I have this fixed in a fork and will open a PR.

Versions

kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.0-alpha.0.1048+21904a5f7d38b1", GitCommit:"21904a5f7d38b1054edad36f3b05b0d7bd556d08", GitTreeState:"clean", BuildDate:"2018-12-18T01:09:09Z", GoVersion:"go1.11.3", Compiler:"gc", Platform:"linux/amd64"}
@neolit123 neolit123 added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. area/security priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Dec 18, 2018
@neolit123 neolit123 added this to the v1.14 milestone Dec 18, 2018
@joshrosso joshrosso mentioned this issue Dec 18, 2018
Closed
@luxas
Copy link
Member

luxas commented Dec 20, 2018

Closing this as a duplicate of #1285

@luxas luxas closed this as completed Dec 20, 2018
@rosti
Copy link

rosti commented Oct 31, 2019

#1285 was about enabling secure serving, this is about redirecting the liveness probes to the secure ports. As of today, everything in #1285 is done, but the liveness probes are still working with HTTP.
/reopen

@k8s-ci-robot k8s-ci-robot reopened this Oct 31, 2019
@k8s-ci-robot
Copy link
Contributor

@rosti: Reopened this issue.

In response to this:

#1285 was about enabling secure serving, this is about redirecting the liveness probes to the secure ports. As of today, everything in #1285 is done, but the liveness probes are still working with HTTP.
/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rosti
Copy link

rosti commented Oct 31, 2019

This one can be thorny - definitely not a good first issue!
/remove-good-first-issue

@k8s-ci-robot k8s-ci-robot removed the good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. label Oct 31, 2019
@yastij
Copy link
Member

yastij commented Oct 31, 2019

/assign
/remove-help

@k8s-ci-robot k8s-ci-robot removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Oct 31, 2019
@neolit123 neolit123 modified the milestones: v1.14, v1.17 Oct 31, 2019
@neolit123 neolit123 mentioned this issue Nov 9, 2019
Merged
@neolit123 neolit123 assigned neolit123 and unassigned yastij Nov 9, 2019
@neolit123 neolit123 added the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Nov 9, 2019
@neolit123
Copy link
Member

@yastij i've sent a PR for this kubernetes/kubernetes#85043

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neolit123 neolit123

Labels
area/security kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
6 participants
@neolit123 @rosti @luxas @joshrosso @yastij @k8s-ci-robot