Disable Kubelet 127.0.0.1.10248 healthz endpoint

* Kubelet runs a healthz server listening on 127.0.0.1:10248
by default. Its unused by Typhoon and can be disabled
* https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
This commit is contained in:
Dalton Hubble 2019-12-29 11:20:59 -08:00
parent f1f4cd6fc0
commit b2eb3e05d0
15 changed files with 15 additions and 0 deletions

View File

@ -7,6 +7,7 @@ Notable changes between versions.
* Update CoreDNS from v1.6.5 to [v1.6.6](https://coredns.io/2019/12/11/coredns-1.6.6-release/) ([#602](https://github.com/poseidon/typhoon/pull/602)) * Update CoreDNS from v1.6.5 to [v1.6.6](https://coredns.io/2019/12/11/coredns-1.6.6-release/) ([#602](https://github.com/poseidon/typhoon/pull/602))
* Update Calico from v3.10.2 to v3.11.1 ([#604](https://github.com/poseidon/typhoon/pull/604)) * Update Calico from v3.10.2 to v3.11.1 ([#604](https://github.com/poseidon/typhoon/pull/604))
* Inline Kubelet service on Container Linux nodes ([#606](https://github.com/poseidon/typhoon/pull/606)) * Inline Kubelet service on Container Linux nodes ([#606](https://github.com/poseidon/typhoon/pull/606))
* Disable unused Kubelet `127.0.0.1:10248` healthz listener ([#607](https://github.com/poseidon/typhoon/pull/607))
#### Addons #### Addons

View File

@ -100,6 +100,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -75,6 +75,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -92,6 +92,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -62,6 +62,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -98,6 +98,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -73,6 +73,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -112,6 +112,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=${domain_name} \ --hostname-override=${domain_name} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -87,6 +87,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=${domain_name} \ --hostname-override=${domain_name} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -93,6 +93,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=${domain_name} \ --hostname-override=${domain_name} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -63,6 +63,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=${domain_name} \ --hostname-override=${domain_name} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -109,6 +109,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \ --hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -84,6 +84,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \ --hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \

View File

@ -98,6 +98,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \

View File

@ -73,6 +73,7 @@ systemd:
--cluster_domain=${cluster_domain_suffix} \ --cluster_domain=${cluster_domain_suffix} \
--cni-conf-dir=/etc/kubernetes/cni/net.d \ --cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \ --exit-on-lock-contention \
--healthz-port=0 \
--kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--network-plugin=cni \ --network-plugin=cni \