External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-01 08:48:50 -03:30
Code Issues Packages Projects Releases Wiki Activity

Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. (#4489)

Browse Source
This commit is contained in:
Sergey
2019-04-10 22:20:08 +03:00
committed by Kubernetes Prow Robot
parent 5e0249ae7c
commit 3b9d13fda9
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes/node/templates/haproxy.cfg.j2
View File

@@ -27,7 +27,7 @@ frontend healthz
{% endif %} {% endif %}
frontend kube_api_frontend frontend kube_api_frontend
bind *:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} bind 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
mode tcp mode tcp
option tcplog option tcplog
default_backend kube_api_backend default_backend kube_api_backend

2
roles/kubernetes/node/templates/nginx.conf.j2
View File

@@ -19,7 +19,7 @@ stream {
} }
server { server {
listen {{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}; listen 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
proxy_pass kube_apiserver; proxy_pass kube_apiserver;
proxy_timeout 10m; proxy_timeout 10m;
proxy_connect_timeout 1s; proxy_connect_timeout 1s;