Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 42553cd044d8f360acc136d04ac2111b016bcafc
commit42553cd044d8f360acc136d04ac2111b016bcafc[log] [tgz]
authorSergiusz Bazanski <q3k@hackerspace.pl>Mon Sep 02 16:29:53 2019 +0200
committerSergiusz Bazanski <q3k@hackerspace.pl>Mon Sep 02 16:33:02 2019 +0200
tree75a070b71dc3dfaf7b3a37f50d3c508d3a71f997
parent896926c9214b981c74571f464bd422ca577c49d9 [diff]
cluster: disable unauthenticated read only port on kubelets

This port was leaking kubelet state, including information on running
pods. No secrets were leaked (if they were not text-pasted into
env/args), but this still shouldn't be available.

As far as I can tell, nothing depends on this port, other than some
enterprise load balancers that require HTTP for node 'health' checks.

Change-Id: I9549b73e0168fe3ea4dce43cbe8fdc2ca4575961
1 file changed
tree: 75a070b71dc3dfaf7b3a37f50d3c508d3a71f997
  1. app/
  2. bgpwtf/
  3. bzl/
  4. cluster/
  5. dc/
  6. devtools/
  7. gcp/
  8. go/
  9. hswaw/
  10. kube/
  11. personal/
  12. pip/
  13. tools/
  14. .bazelrc
  15. .gitignore
  16. BUILD
  17. COPYING
  18. env.sh
  19. README
  20. WORKSPACE