From 48730c0f1214a80d50ac948d775d79a00a27297a Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 9 Jan 2019 20:50:57 -0800 Subject: [PATCH] Probe kube-scheduler and kube-controller-manager HTTPS ports * Disable kube-scheduler and kube-controller-manager HTTP ports --- resources/manifests/kube-controller-manager.yaml | 4 +++- resources/manifests/kube-scheduler.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/resources/manifests/kube-controller-manager.yaml b/resources/manifests/kube-controller-manager.yaml index 9ee3971..eb02de4 100644 --- a/resources/manifests/kube-controller-manager.yaml +++ b/resources/manifests/kube-controller-manager.yaml @@ -51,13 +51,15 @@ spec: - --cluster-signing-key-file=/etc/kubernetes/secrets/ca.key - --configure-cloud-routes=false - --leader-elect=true + - --port=0 - --flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins - --root-ca-file=/etc/kubernetes/secrets/ca.crt - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key livenessProbe: httpGet: + scheme: HTTPS path: /healthz - port: 10252 # Note: Using default port. Update if --port option is set differently. + port: 10257 initialDelaySeconds: 15 timeoutSeconds: 15 volumeMounts: diff --git a/resources/manifests/kube-scheduler.yaml b/resources/manifests/kube-scheduler.yaml index 4b23f5a..7837103 100644 --- a/resources/manifests/kube-scheduler.yaml +++ b/resources/manifests/kube-scheduler.yaml @@ -53,9 +53,11 @@ spec: - ./hyperkube - scheduler - --leader-elect=true + - --port=0 livenessProbe: httpGet: + scheme: HTTPS path: /healthz - port: 10251 # Note: Using default port. Update if --port option is set differently. + port: 10259 initialDelaySeconds: 15 timeoutSeconds: 15