Run kube-apiserver with lower privilege user (nobody)

* Run kube-apiserver as a non-root user (nobody). User
no longer needs to bind low number ports.
* On most platforms, the kube-apiserver load balancer listens
on 6443 and fronts controllers with kube-apiserver pods using
port 6443. Google Cloud TCP proxy load balancers cannot listen
on 6443. However, GCP's load balancer can be made to listen on
443, while kube-apiserver uses 6443 across all platforms.
This commit is contained in:
Dalton Hubble
2019-07-06 13:11:37 -07:00
parent 7a69bae75e
commit 69d064bfdf
8 changed files with 10 additions and 9 deletions

@ -5,6 +5,7 @@ Notable changes between versions.
## Latest
* Update Calico from v3.7.3 to [v3.7.4](https://docs.projectcalico.org/v3.7/release-notes/)
* Run `kube-apiserver` with lower privilege user (nobody) ([#506](https://github.com/poseidon/typhoon/pull/506))
#### Google Cloud
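
Review bot: The changelog entry under "Latest" records only the privilege drop and leaves out the port change the commit message describes, namely that kube-apiserver now uses 6443 across all platforms. That change is visible to operators, since anything that addresses the apiserver port on the controllers directly (firewall rules, health checks, monitoring) would need to follow it. Consider a sub-bullet under the `kube-apiserver` entry stating the move to port 6443, plus a line under "Google Cloud" noting that the load balancer keeps listening on 443 because GCP TCP proxy load balancers cannot listen on 6443.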