mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-27 03:44:04 +00:00
0b3af19ef0
Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add e2e regression tests for the kubelet being secure **What this PR does / why we need it**: This PR does, 1. The kubelet cAdvisor port (4194) can't be reached, neither via the API server proxy nor directly on the public IP address 2. The kubelet read-only port (10255) can't be reached, neither via the API server proxy nor directly on the public IP address 3. The kubelet can delegate ServiceAccount tokens to the API server 4. The kubelet's main port (10250) has both authentication (should fail with no credentials) and authorization (should fail with insufficient permissions) set-up **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubeadm#838 **Special notes for your reviewer**: /cc luxas tallclair **Release note**: ```release-note Add e2e regression tests for the kubelet being secure ```