Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change apiserver port from 443 to 6443 (except GCP) #248

Merged
merged 1 commit into from
Jun 22, 2018

Conversation

dghubble
Copy link
Member

@dghubble dghubble commented Jun 20, 2018

  • Change load balancers, firewall rules, security groups, and generated kubeconfig's

@dghubble dghubble force-pushed the change-apiserver-port branch from 91802c2 to db921e7 Compare June 20, 2018 05:13
@dghubble
Copy link
Member Author

dghubble commented Jun 20, 2018

Bare-metal, DigitalOcean, and AWS work fine. Google Cloud doesn't if 6443 is used. Their TCP proxy only supports a limited set of special ports, which is unreasonable.

TCP Proxy Load Balancing supports the following ports: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222

@dghubble
Copy link
Member Author

dghubble commented Jun 20, 2018

For now, I'll have Google Cloud stick with 443. All the rest will make the switch to 6443. Some time later, I'll get Google Cloud to make the switch too or a switch to some high port.

As a downside, this means kube-apiserver will continue to have root for a while longer.

@dghubble dghubble force-pushed the change-apiserver-port branch from db921e7 to 90d5278 Compare June 20, 2018 06:43
@dghubble dghubble changed the title Change apiserver port from 443 to 6443 Change apiserver port from 443 to 6443 (except GCP) Jun 20, 2018
* Adjust firewall rules, security groups, cloud load balancers,
and generated kubeconfig's
* Facilitates some future simplifications and cost reductions
* Bare-Metal users who exposed kube-apiserver on a WAN via their
router or load balancer will need to adjust its configuration.
This is uncommon, most apiserver are on LAN and/or behind VPN
so no routing infrastructure is configured with the port number
@dghubble dghubble force-pushed the change-apiserver-port branch from 90d5278 to 6c5a196 Compare June 20, 2018 06:49
@dghubble dghubble merged commit 6c5a196 into master Jun 22, 2018
@dghubble dghubble deleted the change-apiserver-port branch June 22, 2018 07:27
@dghubble dghubble mentioned this pull request Aug 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant