remove kube-apiserver --insecure-port usage #2156
Comments
neolit123
added
kind/deprecation
neolit123
changed the title
|
/assign |
|
critically, kubeadm should not stop setting this flag until a kubernetes version that removes insecure serving ability... in all currently released versions, not specifying the flag accepts the default behavior of enabling the insecure port |
|
/assign As this flag has no effect, we can just remove it in kubeadm side in 1.22 now. |
|
i see that for the kube-apiserver the change was made in 1.20: kubeadm can deploy N and N-1 control-plane. so kubeadm 1.22 can deploy 1.22 and 1.21 kube-apiserver. for the KCM and KS i see the insecure flags are becoming no-op in 1.22: thus we can delay the kubeadm change for KCM and KS to 1.23, to avoid branching: |
From kubernetes v1.24 onwards the kubeapi flag --insecure-port has been removed. In CIS compliant environment this flag was in use, with it the apiserver does not come up. This flag is a no-op since kubernetes v1.20[1] [1] kubernetes/kubeadm#2156
the flag is being removed after a long deprecation period:
kubernetes/kubernetes#91506
in kubeadm we are passing:
--insecure-port=0in the api server static pod.the flag became a no-op in 1.20:
kubernetes/kubernetes#95856
it will be removed in 1.24:
https://github.com/kubernetes/kubernetes/pull/95856/files#diff-3149c6ede53e3a658bbcf11f1456f2ac955ae49db5ab66ee9e13f883488349d3R151
kubeadm can remove it earleir
related to:
#2207
NOTE
this PR might do the change in kubeadm as well:
kubernetes/kubernetes#95522
The text was updated successfully, but these errors were encountered: