Stop using kube-apiserver insecure-port
The tiller container in the armada bootstrap pod relies on the insecure port that kube-apiserver once listened on by default. The kube-apiserver ability to serve on an insecure port, deprecated since v1.10, has been removed in v1.20. [0] This change updates the armada bootstrap pod to use the secure port instead. 0: https://github.com/kubernetes/kubernetes/pull/95856 Change-Id: I6a37fa4e7f97c7aaa3cd0f61b56214483a7dc217
This commit is contained in:
parent
ef66d10a25
commit
fd9f3d6cec
|
@ -21,6 +21,8 @@ spec:
|
||||||
- env:
|
- env:
|
||||||
- name: TILLER_NAMESPACE
|
- name: TILLER_NAMESPACE
|
||||||
value: kube-system
|
value: kube-system
|
||||||
|
- name: KUBECONFIG
|
||||||
|
value: /etc/kubernetes/admin/config
|
||||||
image: {{ config['Genesis:images.helm.tiller'] }}
|
image: {{ config['Genesis:images.helm.tiller'] }}
|
||||||
command:
|
command:
|
||||||
- /tiller
|
- /tiller
|
||||||
|
@ -61,8 +63,13 @@ spec:
|
||||||
successThreshold: 1
|
successThreshold: 1
|
||||||
timeoutSeconds: 1
|
timeoutSeconds: 1
|
||||||
resources: {}
|
resources: {}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
terminationMessagePath: /dev/termination-log
|
terminationMessagePath: /dev/termination-log
|
||||||
terminationMessagePolicy: File
|
terminationMessagePolicy: File
|
||||||
|
volumeMounts:
|
||||||
|
- name: auth
|
||||||
|
mountPath: /etc/kubernetes/admin
|
||||||
- name: armada
|
- name: armada
|
||||||
image: {{ config['Genesis:images.armada'] }}
|
image: {{ config['Genesis:images.armada'] }}
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -149,7 +156,7 @@ spec:
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{% include "genesis-apiserver.yaml" with context %}
|
{% include "genesis-apiserver.yaml" with context %}
|
||||||
- --etcd-servers=https://localhost:12379
|
- --etcd-servers=https://localhost:12379
|
||||||
- --insecure-port=8080
|
- --insecure-port=0
|
||||||
- --secure-port=6444
|
- --secure-port=6444
|
||||||
- --endpoint-reconciler-type=none
|
- --endpoint-reconciler-type=none
|
||||||
env:
|
env:
|
||||||
|
|
Loading…
Reference in New Issue