talos

mirrors/talos

Fork 0

mirror of https://github.com/siderolabs/talos.git synced 2025-10-09 06:31:25 +02:00

Commit Graph

Author	SHA1	Message	Date
Andrey Smirnov	a941eb7da0	feat: improve security of Kubernetes control plane components Fixes #3765 See #3581 There are several changes: * `kube-controller-manager` insecure port is disabled * `kube-controller-manager` and `kube-scheduler` now listen securely only on localhost by default, this can be overridden with `--bind-addr` in extra args * `kube-controller-manager` and `kube-scheduler` now use kubeconfig with limited access role instead of admin one Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>	2021-06-18 10:21:45 -07:00

Author

SHA1

Message

Date

Andrey Smirnov

a941eb7da0

feat: improve security of Kubernetes control plane components

Fixes #3765

See #3581

There are several changes:

* `kube-controller-manager` insecure port is disabled
* `kube-controller-manager` and `kube-scheduler` now listen securely
only on localhost by default, this can be overridden with `--bind-addr`
in extra args
* `kube-controller-manager` and `kube-scheduler` now use kubeconfig with
limited access role instead of admin one

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

2021-06-18 10:21:45 -07:00

1 Commits