Skip to content

kubeadm should not enable unsecure access to the API Server at localhost:8080 #181

New issue
New issue
Closed
Closed
kubeadm should not enable unsecure access to the API Server at localhost:8080#181
Assignees
luxas
Milestone
 
v1.6
@luxas

Description

@luxas
luxas
opened on Feb 24, 2017

As discussed with @liggitt @deads2k and @pires on Slack, kubeadm should not make the API Server listen on localhost:8080 insecurely with root access.

scheduler and controller-manager talks to the API Server with their own credentials (client certs), ref: kubernetes/kubernetes#41897

For normal admin users, /etc/kubernetes/admin.conf, a KubeConfig file is generated with full access to the cluster.

This will dramatically reduce the attack area.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions