kubeadm should not enable unsecure access to the API Server at localhost:8080 #181
Assignees
Milestone
Comments
k8s-github-robot
pushed a commit
to kubernetes/kubernetes
that referenced
this issue
Mar 1, 2017
Automatic merge from submit-queue kubeadm: Turn off insecure apiserver access on localhost:8080 **What this PR does / why we need it**: ref: kubernetes/kubeadm#181 depends on: #41897 **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note Insecure access to the API Server at localhost:8080 will be turned off in v1.6 when using kubeadm ``` @jbeda @liggitt @deads2k @pires @lukemarsden @mikedanese @errordeveloper
|
Fixed with kubernetes/kubernetes#42066 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As discussed with @liggitt @deads2k and @pires on Slack, kubeadm should not make the API Server listen on
localhost:8080insecurely with root access.scheduler and controller-manager talks to the API Server with their own credentials (client certs), ref: kubernetes/kubernetes#41897
For normal admin users,
/etc/kubernetes/admin.conf, a KubeConfig file is generated with full access to the cluster.This will dramatically reduce the attack area.
The text was updated successfully, but these errors were encountered: