From fb511056791b543358f431f713bde79450a98348 Mon Sep 17 00:00:00 2001
From: Christian Schlotter
Date: Tue, 16 Sep 2025 15:52:15 +0200
Subject: [PATCH] ccm: disable unused secure-serving port and webhook
---
 pkg/cloud/aws/assets/deployment.yaml | 1 +
 .../azure/assets/cloud-controller-manager-deployment.yaml | 3 ++-
 .../azurestack/assets/cloud-controller-manager-deployment.yaml | 3 ++-
 pkg/cloud/gcp/assets/cloud-controller-manager.yaml | 3 ++-
 .../nutanix/assets/cloud-controller-manager-deployment.yaml | 3 ++-
 pkg/cloud/openstack/assets/deployment.yaml | 3 ++-
 .../vsphere/assets/cloud-controller-manager-deployment.yaml | 3 ++-
 7 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/pkg/cloud/aws/assets/deployment.yaml b/pkg/cloud/aws/assets/deployment.yaml
index 5a4a713f7..4f86c2b31 100644
--- a/pkg/cloud/aws/assets/deployment.yaml
+++ b/pkg/cloud/aws/assets/deployment.yaml
@@ -43,6 +43,7 @@ spec:
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
 --leader-elect-resource-namespace=openshift-cloud-controller-manager \
+ --secure-port=0 \
 -v=2
 env:
 - name: CLOUD_CONFIG
diff --git a/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml
index 8f0a366c8..bc201bb1a 100644
--- a/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml
+++ b/pkg/cloud/azure/assets/cloud-controller-manager-deployment.yaml
@@ -121,7 +121,8 @@ spec:
 --leader-elect-lease-duration=137s \
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
- --leader-elect-resource-namespace=openshift-cloud-controller-manager
+ --leader-elect-resource-namespace=openshift-cloud-controller-manager \
+ --secure-port=0
 terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: host-etc-kube
diff --git a/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml
index f8a9c1fce..3dac51a16 100644
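Review bot: The subject line says the webhook is disabled as well, but the only flag this patch adds, in the `pkg/cloud/aws/assets/deployment.yaml` hunk and in the other six deployments, is `--secure-port=0`. In upstream k8s.io/cloud-provider the webhook listener has its own `--webhook-secure-port` option (0 turns it off), so if these provider binaries carry that option the webhook port presumably stays at its default; worth confirming per provider and either adding `--webhook-secure-port=0 \` next to the new line or rewording the subject. Setting the secure port to 0 also takes away the HTTPS `/healthz` and `/metrics` endpoints, so any probe or scrape configuration that targets these pods should be adjusted in the same change; none is visible in these hunks. The container command starts above each hunk, so I cannot see whether the reason for closing the port is already documented there.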
--- a/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml
+++ b/pkg/cloud/azurestack/assets/cloud-controller-manager-deployment.yaml
@@ -113,7 +113,8 @@ spec:
 --leader-elect-lease-duration=137s \
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
- --leader-elect-resource-namespace=openshift-cloud-controller-manager
+ --leader-elect-resource-namespace=openshift-cloud-controller-manager \
+ --secure-port=0
 terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: host-etc-kube
diff --git a/pkg/cloud/gcp/assets/cloud-controller-manager.yaml b/pkg/cloud/gcp/assets/cloud-controller-manager.yaml
index 62bf5f279..452d9065a 100644
--- a/pkg/cloud/gcp/assets/cloud-controller-manager.yaml
+++ b/pkg/cloud/gcp/assets/cloud-controller-manager.yaml
@@ -95,7 +95,8 @@ spec:
 --leader-elect-lease-duration=137s \
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
- --leader-elect-resource-namespace=openshift-cloud-controller-manager
+ --leader-elect-resource-namespace=openshift-cloud-controller-manager \
+ --secure-port=0
 terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: host-etc-kube
diff --git a/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml
index 809da466c..182b8a601 100644
--- a/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml
+++ b/pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml
@@ -98,7 +98,8 @@ spec:
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
 --leader-elect-resource-namespace=openshift-cloud-controller-manager \
- --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
+ --secure-port=0
 terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: nutanix-config
diff --git a/pkg/cloud/openstack/assets/deployment.yaml b/pkg/cloud/openstack/assets/deployment.yaml
index 74ec43001..52175f58e 100644
--- a/pkg/cloud/openstack/assets/deployment.yaml
+++ b/pkg/cloud/openstack/assets/deployment.yaml
@@ -78,7 +78,8 @@ spec:
 --leader-elect-renew-deadline=107s \
 --leader-elect-retry-period=26s \
 --leader-elect-resource-namespace=openshift-cloud-controller-manager \
- --feature-gates={{ .featureGates }}
+ --feature-gates={{ .featureGates }} \
+ --secure-port=0
 ports:
 - containerPort: 10258
 name: https
diff --git a/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml b/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml
index 19a7e6a43..c7b2ffea5 100644
--- a/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml
+++ b/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml
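Review bot: In the `pkg/cloud/nutanix/assets/cloud-controller-manager-deployment.yaml` hunk the `--tls-cipher-suites=...` line is kept and only gains a trailing backslash, yet once `--secure-port=0` is set there is, as far as this hunk shows, no TLS listener left for it to configure. A hardening flag with no effect misleads a later audit into reading the manifest as enforcing a cipher policy on this pod. I would drop the flag in this change, or, if it is kept on purpose for a listener not visible here, state that in a YAML comment above the container's command. The command starts above the hunk, so the rest of the argument list is not visible to me.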
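Review bot: The `ports:` entry directly after the changed command in `pkg/cloud/openstack/assets/deployment.yaml` still declares `containerPort: 10258` under the name `https`, which looks like the secure-serving port that this hunk turns off with `--secure-port=0`. Nothing will listen there afterwards, so the declaration becomes stale, and any Service, ServiceMonitor or NetworkPolicy that refers to the `https` port name would keep pointing at a closed port. I would remove the `- containerPort: 10258` / `name: https` entry, together with anything that consumes it, in the same commit. The `ports:` list runs past the end of the hunk, so there may be further entries I cannot see.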
@@ -99,7 +99,8 @@ spec:
 --leader-elect-retry-period=26s \
 --leader-elect-resource-namespace=openshift-cloud-controller-manager \
 --feature-gates={{ .featureGates }} \
- --use-service-account-credentials=true
+ --use-service-account-credentials=true \
+ --secure-port=0
 terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: host-etc-kube