Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop talking to the kubelet unsecured port #3242

Open
bboreham opened this issue Jun 28, 2018 · 2 comments
Open

Stop talking to the kubelet unsecured port #3242

bboreham opened this issue Jun 28, 2018 · 2 comments
Labels
chore Related to fix/refinement/improvement of end user or new/existing developer functionality estimate/hours It will take less than 8 hours to implement good-first-issue Indicates a good issue for first-time contributors help-wanted An issue that would be good for non-maintainers to attempt k8s Pertains to integration with Kubernetes

Comments

@bboreham
Copy link
Collaborator

When running under Kubernetes, the probe will try to talk to kubelet on 10255, unsecured, if it doesn't know the node name. We should not assume unsecured access.

There is a secured port at 10250; probably we have access to credentials. Or we could just remove that code and insist on knowing the node name.

Kubeadm removes the unsecured port by default: kubernetes/kubernetes#64187

This is possibly the underlying issue for #3104 (OpenShift)
@bboreham bboreham added chore Related to fix/refinement/improvement of end user or new/existing developer functionality estimate/hours It will take less than 8 hours to implement good-first-issue Indicates a good issue for first-time contributors labels Jun 28, 2018
@rade rade added the k8s Pertains to integration with Kubernetes label Jun 29, 2018
@2opremio 2opremio self-assigned this Jul 3, 2018
@bboreham bboreham mentioned this issue Oct 11, 2018
Merged
@SaberYoun6
Copy link

I was wonder how can I assist in you solving your problem?

@bboreham
Copy link
Collaborator Author

@yuriprym I'm not clear what kind of advice you need.
Given other developments it's probably best to remove the code that talks to kubelet and rely on filtering by node name (if per-node reporting is still enabled). So the main work is in checking the system still works, and considering how to warn the user if they don't supply a node name.

@satyamz satyamz added help-wanted An issue that would be good for non-maintainers to attempt and removed hacktoberfest labels Nov 16, 2018
@CiMaol CiMaol mentioned this issue Mar 10, 2020
Merged
@crigertg crigertg mentioned this issue Dec 5, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
chore Related to fix/refinement/improvement of end user or new/existing developer functionality estimate/hours It will take less than 8 hours to implement good-first-issue Indicates a good issue for first-time contributors help-wanted An issue that would be good for non-maintainers to attempt k8s Pertains to integration with Kubernetes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@rade @fbarl @dholbach @2opremio @satyamz @bboreham @SaberYoun6