commit | 42553cd044d8f360acc136d04ac2111b016bcafc | [log] [tgz] |
---|---|---|
author | Sergiusz Bazanski <q3k@hackerspace.pl> | Mon Sep 02 16:29:53 2019 +0200 |
committer | Sergiusz Bazanski <q3k@hackerspace.pl> | Mon Sep 02 16:33:02 2019 +0200 |
tree | 75a070b71dc3dfaf7b3a37f50d3c508d3a71f997 | |
parent | 896926c9214b981c74571f464bd422ca577c49d9 [diff] |
cluster: disable unauthenticated read only port on kubelets This port was leaking kubelet state, including information on running pods. No secrets were leaked (if they were not text-pasted into env/args), but this still shouldn't be available. As far as I can tell, nothing depends on this port, other than some enterprise load balancers that require HTTP for node 'health' checks. Change-Id: I9549b73e0168fe3ea4dce43cbe8fdc2ca4575961