Stop using kube-apiserver insecure-port
The tiller container in the armada bootstrap pod relies on the insecure port that kube-apiserver once listened on by default. The kube-apiserver ability to serve on an insecure port, deprecated since v1.10, has been removed in v1.20. [0] This change updates the armada bootstrap pod to use the secure port instead. 0: https://github.com/kubernetes/kubernetes/pull/95856 Change-Id: I6a37fa4e7f97c7aaa3cd0f61b56214483a7dc217
This commit is contained in:
parent
ef66d10a25
commit
fd9f3d6cec
|
@ -21,6 +21,8 @@ spec:
|
|||
- env:
|
||||
- name: TILLER_NAMESPACE
|
||||
value: kube-system
|
||||
- name: KUBECONFIG
|
||||
value: /etc/kubernetes/admin/config
|
||||
image: {{ config['Genesis:images.helm.tiller'] }}
|
||||
command:
|
||||
- /tiller
|
||||
|
@ -61,8 +63,13 @@ spec:
|
|||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources: {}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- name: auth
|
||||
mountPath: /etc/kubernetes/admin
|
||||
- name: armada
|
||||
image: {{ config['Genesis:images.armada'] }}
|
||||
securityContext:
|
||||
|
@ -149,7 +156,7 @@ spec:
|
|||
{%- endfor %}
|
||||
{% include "genesis-apiserver.yaml" with context %}
|
||||
- --etcd-servers=https://localhost:12379
|
||||
- --insecure-port=8080
|
||||
- --insecure-port=0
|
||||
- --secure-port=6444
|
||||
- --endpoint-reconciler-type=none
|
||||
env:
|
||||
|
|
Loading…
Reference in New Issue