How can I secure my single node installation?

Cluster information:

Kubernetes version: 1.16
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Archlinux
CNI and version: flannel
CRI and version: cri-o 1.16

Hi,

Using kubeadm I’ve bootstrapped a single-instance master node.
Now if I look at the listening TCP ports on my cluster:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      15361/kubelet       
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      1800/kube-proxy     
tcp        0      0 127.0.0.1:10251         0.0.0.0:*               LISTEN      1440/kube-scheduler 
tcp        0      0 my.pub.lic.ip:2379      0.0.0.0:*               LISTEN      1603/etcd           
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      1603/etcd           
tcp        0      0 my.pub.lic.ip:2380      0.0.0.0:*               LISTEN      1603/etcd           
tcp        0      0 127.0.0.1:2381          0.0.0.0:*               LISTEN      1603/etcd           
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      1490/kube-controlle 
tcp        0      0 127.0.0.1:10259         0.0.0.0:*               LISTEN      1440/kube-scheduler 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      429/sshd            
tcp        0      0 127.0.0.1:42071         0.0.0.0:*               LISTEN      447/crio            
tcp6       0      0 :::10250                :::*                    LISTEN      15361/kubelet       
tcp6       0      0 :::6443                 :::*                    LISTEN      1481/kube-apiserver 
tcp6       0      0 :::10252                :::*                    LISTEN      1490/kube-controlle         
tcp6       0      0 :::10256                :::*                    LISTEN      1800/kube-proxy     
tcp6       0      0 :::22                   :::*                    LISTEN      429/sshd            

In the kubeadm config file I tried this

---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
[...]
controllerManager:
  extraArgs:
    bind-address: 127.0.0.1
scheduler:
  extraArgs:
    address: 127.0.0.1
[...]

but those directives didn’t work.

Questions:

  1. I’ve managed to make the kubelet listen on localhost only, but the logs command is not working; is this the correct behavior?
  2. How can I make the controller manager and kube-proxy listen on localhost only? And can I do it without breaking something?
  3. Can I set etcd to listen locally only? And can I do it without breaking something?

Obviously I don’t want to add other master/worker nodes in the future.

Thanks, and sorry for my bad English.
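An added example, not from the post and not part of Kubernetes or kubeadm: a small Python audit that parses a `netstat -tlnp` listing like the one above and reports every listener bound to a non-loopback address whose port is not on an expected-public allowlist. The allowlist (22, 6443, 10250) and the abbreviated sample listing are assumptions constructed from this post; adjust the set to what your node must actually expose.

```python
# Added example (not the post's or kubeadm's code): audit `netstat -tlnp` output and
# flag listeners on non-loopback addresses that are not expected to be reachable remotely.
import ipaddress
import re

# Assumption: on a single-node kubeadm cluster only SSH, the API server and the
# kubelet need to be reachable from outside the host. Everything else bound to
# 0.0.0.0, :: or a routable IP is reported for review.
EXPECTED_PUBLIC_PORTS = {22, 6443, 10250}

# Matches netstat LISTEN rows: proto, recv-q, send-q, local addr:port, foreign, state, pid/prog
LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\d+)/(\S+)")


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; anything unparseable (e.g. a hostname) is not loopback."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # e.g. the "my.pub.lic.ip" placeholder in the post


def parse_listeners(netstat_output: str):
    """Yield (address, port, program) for each LISTEN row of `netstat -tlnp`."""
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            _proto, addr, port, _pid, prog = m.groups()
            yield addr, int(port), prog


def exposed_listeners(netstat_output: str, allowed=EXPECTED_PUBLIC_PORTS):
    """Return sorted [(program, address, port)] for non-loopback listeners not in `allowed`."""
    return sorted(
        (prog, addr, port)
        for addr, port, prog in parse_listeners(netstat_output)
        if not is_loopback(addr) and port not in allowed
    )


# Constructed sample, abbreviated from the listing in the post above.
SAMPLE = """\
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      1490/kube-controlle
tcp        0      0 my.pub.lic.ip:2379      0.0.0.0:*               LISTEN      1603/etcd
tcp        0      0 my.pub.lic.ip:2380      0.0.0.0:*               LISTEN      1603/etcd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      429/sshd
tcp6       0      0 :::6443                 :::*                    LISTEN      1481/kube-apiserver
tcp6       0      0 :::10252                :::*                    LISTEN      1490/kube-controlle
tcp6       0      0 :::10256                :::*                    LISTEN      1800/kube-proxy
"""

if __name__ == "__main__":
    for prog, addr, port in exposed_listeners(SAMPLE):
        print(f"{prog:<20} {addr}:{port}  listening on a non-loopback address")
```

Run it against live output with `netstat -tlnp | python3 audit.py` after replacing SAMPLE with `sys.stdin.read()`; the etcd client/peer ports and the controller-manager and kube-proxy health ports from the post are what it reports.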

I had a similar question about securing Kubernetes with a firewall, but nobody has answered yet: Kubernetes + Docker + iptables
As far as I understood, Kubernetes nodes are not supposed to have white IP addresses. You need an external router which connects your cluster to the Internet and opens only the resources you want to expose. You can use a virtual or hardware router, depending on your cluster location.
PS: I do not recommend that you manually change any system services; in 99% of cases you will mess up the Kubernetes networking.