Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
3f2551ec05
k3s/pkg/daemons
History
Euan Kemp 4808c4e7d5 Listen insecurely on localhost only 
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.

These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
..
agent update cis flag implementation to propogate the rest of the way through to kubelet 2020-07-20 16:31:56 -07:00
config update cis flag implementation to propogate the rest of the way through to kubelet 2020-07-20 16:31:56 -07:00
control Listen insecurely on localhost only 2020-08-05 10:28:11 -07:00
executor Add heartbeat interval and election timeout 2020-06-06 16:39:42 -07:00