
Stop talking to the kubelet unsecured port

Open bboreham opened this issue 7 years ago • 2 comments

When running under Kubernetes, the probe will try to talk to kubelet on 10255, unsecured, if it doesn't know the node name. We should not assume unsecured access.

There is a secured port at 10250; probably we have access to credentials. Or we could just remove that code and insist on knowing the node name.

Kubeadm removes the unsecured port by default: https://github.com/kubernetes/kubernetes/pull/64187

This is possibly the underlying issue for #3104 (OpenShift)

bboreham, Jun 28 '18 09:06

I was wondering how I can assist you in solving your problem?

SaberYoun6, Oct 15 '18 03:10

@yuriprym I'm not clear what kind of advice you need. Given other developments it's probably best to remove the code that talks to kubelet and rely on filtering by node name (if per-node reporting is still enabled). So the main work is in checking the system still works, and considering how to warn the user if they don't supply a node name.

bboreham, Oct 15 '18 22:10
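
A sketch of the "secured port" option raised in the issue, added here as an illustration and not taken from Scope's code: a client that lists pods from the kubelet's `/pods` endpoint only over verified TLS with a bearer token, and refuses the plaintext port outright. `fetchPodNames` is a hypothetical helper; it assumes `roots` holds the CA that signed the kubelet's serving certificate and that the kubelet accepts the token.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// fetchPodNames (hypothetical helper) lists pods from <base>/pods using
// verified TLS and a bearer token; plaintext or anonymous use is refused.
func fetchPodNames(base, token string, roots *x509.CertPool) ([]string, error) {
	u, err := url.Parse(base)
	if err != nil || u.Scheme != "https" || token == "" {
		return nil, fmt.Errorf("refusing plaintext or unauthenticated kubelet access: %q", base)
	}
	u.Path = "/pods"
	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}}
	resp, err := client.Do(req)
	if err != nil {
		return nil, err // includes certificate verification failures
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("kubelet returned %s", resp.Status)
	}
	// Only the pod names are read from the PodList JSON (keys match case-insensitively).
	var pl struct{ Items []struct{ Metadata struct{ Name string } } }
	if err := json.NewDecoder(resp.Body).Decode(&pl); err != nil {
		return nil, err
	}
	var names []string
	for _, it := range pl.Items {
		names = append(names, it.Metadata.Name)
	}
	return names, nil
}

func main() {
	// Constructed address: the read-only port is refused before any network I/O.
	_, err := fetchPodNames("http://127.0.0.1:10255", "constructed-token", nil)
	fmt.Println("10255:", err)
}
```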