Hi,
I have a Kubernetes cluster, and currently the kubelet listens on two
ports: 10250 and 10255, if I understand correctly, 10250 serves https and
10255 serves http. Now I can always run the following command to access
kubelet:
curl http://<node-IP>:10255/spec/
And and this command even for the https port:
curl --insecure https://<node-IP>:10250/spec/
This is not secure to me, I do not want to expose http port, so I think I
should start kubelet with the flag "--read-only-port=0" to disable 10255,
and for the https port (10250), I do not want anonymous user to access it,
and in the meantime I still want kube-apiserver can access kubelet (e.g.,
when I run "kubectl logs ...", kube-apiserver can still talk to kubelet to
get logs), and I also want Heapster (running as a deployment in my
Kubernetes cluster) can still access kubelet to get metrics. Can anyone
please let me know what else flags I should specify to start kubelet?
Thanks,
Qian
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
