From da808767b7c01dd0f779d7dabd09ae3c528a62a2 Mon Sep 17 00:00:00 2001 From: jornshen Date: Fri, 27 Nov 2020 15:21:47 +0800 Subject: [PATCH] local-up-cluster kubelet option opening readonly port --- hack/local-up-cluster.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index f1296aa222a3e..3f1a9f3d96221 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -222,6 +222,8 @@ KUBELET_HOST=${KUBELET_HOST:-"127.0.0.1"} # By default only allow CORS for requests on localhost API_CORS_ALLOWED_ORIGINS=${API_CORS_ALLOWED_ORIGINS:-/127.0.0.1(:[0-9]+)?$,/localhost(:[0-9]+)?$} KUBELET_PORT=${KUBELET_PORT:-10250} +# By default we use 0(close it) for it's insecure +KUBELET_READ_ONLY_PORT=${KUBELET_READ_ONLY_PORT:-0} LOG_LEVEL=${LOG_LEVEL:-3} # Use to increase verbosity on particular files, e.g. LOG_SPEC=token_controller*=5,other_controller*=4 LOG_SPEC=${LOG_SPEC:-""} @@ -781,6 +783,7 @@ enableControllerAttachDetach: ${ENABLE_CONTROLLER_ATTACH_DETACH} evictionPressureTransitionPeriod: "${EVICTION_PRESSURE_TRANSITION_PERIOD}" failSwapOn: ${FAIL_SWAP_ON} port: ${KUBELET_PORT} +readOnlyPort: ${KUBELET_READ_ONLY_PORT} rotateCertificates: true runtimeRequestTimeout: "${RUNTIME_REQUEST_TIMEOUT}" staticPodPath: "${POD_MANIFEST_PATH}"