From c443f921a1686f4cd4830172c3ca984672af41d6 Mon Sep 17 00:00:00 2001 From: Suraj Deshmukh Date: Wed, 12 Feb 2020 14:27:01 +0530 Subject: [PATCH] kubelet: Don't listen on unused health port * This port is not used in Lokomotive for anything, so rather close it. Signed-off-by: Suraj Deshmukh --- aws/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + aws/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl | 1 + azure/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + azure/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl | 1 + bare-metal/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + bare-metal/flatcar-linux/kubernetes/cl/worker.yaml.tmpl | 1 + google-cloud/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + .../flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl | 1 + kvm-libvirt/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + kvm-libvirt/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl | 1 + packet/flatcar-linux/kubernetes/cl/controller.yaml.tmpl | 1 + packet/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl | 1 + 12 files changed, 12 insertions(+) diff --git a/aws/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/aws/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index 498959ba..da8a905e 100644 --- a/aws/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/aws/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -86,6 +86,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/aws/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl b/aws/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl index ba6e2650..21d6013d 100644 --- a/aws/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/aws/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -62,6 +62,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/azure/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/azure/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index ec2e6cee..1ddf64f8 100644 --- a/azure/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/azure/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -82,6 +82,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/azure/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl b/azure/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl index c0afef9e..a45c6ff9 100644 --- a/azure/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/azure/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -60,6 +60,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/bare-metal/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/bare-metal/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index 377ebdf5..edb247fb 100644 --- a/bare-metal/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/bare-metal/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -94,6 +94,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --hostname-override=${domain_name} \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ diff --git a/bare-metal/flatcar-linux/kubernetes/cl/worker.yaml.tmpl b/bare-metal/flatcar-linux/kubernetes/cl/worker.yaml.tmpl index e3b774f5..343605df 100644 --- a/bare-metal/flatcar-linux/kubernetes/cl/worker.yaml.tmpl +++ b/bare-metal/flatcar-linux/kubernetes/cl/worker.yaml.tmpl @@ -67,6 +67,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --hostname-override=${domain_name} \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ diff --git a/google-cloud/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/google-cloud/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index 0c911c27..fb02d40a 100644 --- a/google-cloud/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/google-cloud/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -83,6 +83,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl b/google-cloud/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl index dd8e935d..181f94b5 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/google-cloud/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -56,6 +56,7 @@ systemd: --cluster_domain=${cluster_domain_suffix} \ --cni-conf-dir=/etc/kubernetes/cni/net.d \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/kvm-libvirt/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/kvm-libvirt/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index 42f1d03f..c0bc8184 100644 --- a/kvm-libvirt/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/kvm-libvirt/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -84,6 +84,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --hostname-override=${etcd_domain} \ diff --git a/kvm-libvirt/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl b/kvm-libvirt/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl index f8a6558a..deb0809c 100644 --- a/kvm-libvirt/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/kvm-libvirt/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -63,6 +63,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/packet/flatcar-linux/kubernetes/cl/controller.yaml.tmpl b/packet/flatcar-linux/kubernetes/cl/controller.yaml.tmpl index 3744e195..6156a630 100644 --- a/packet/flatcar-linux/kubernetes/cl/controller.yaml.tmpl +++ b/packet/flatcar-linux/kubernetes/cl/controller.yaml.tmpl @@ -102,6 +102,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \ diff --git a/packet/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl b/packet/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl index b240bb49..93beec44 100644 --- a/packet/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/packet/flatcar-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -89,6 +89,7 @@ systemd: --cni-conf-dir=/etc/kubernetes/cni/net.d \ --config=/etc/kubernetes/kubelet.config \ --exit-on-lock-contention \ + --healthz-port=0 \ --kubeconfig=/etc/kubernetes/kubeconfig \ --lock-file=/var/run/lock/kubelet.lock \ --network-plugin=cni \