From 63774ffe69862e8f25bdcc58c19bc4d97c5a127f Mon Sep 17 00:00:00 2001 From: Felipe Castro Date: Sun, 14 Feb 2021 21:20:53 -0800 Subject: [PATCH] kubernetes: set readOnlyPort and protectKernelDefaults --- packages/kubernetes-1.15/kubelet-config | 2 ++ packages/kubernetes-1.16/kubelet-config | 2 ++ packages/kubernetes-1.17/kubelet-config | 2 ++ packages/kubernetes-1.18/kubelet-config | 2 ++ packages/kubernetes-1.19/kubelet-config | 2 ++ 5 files changed, 10 insertions(+) diff --git a/packages/kubernetes-1.15/kubelet-config b/packages/kubernetes-1.15/kubelet-config index 518e45d593b..8d846f2a8b5 100644 --- a/packages/kubernetes-1.15/kubelet-config +++ b/packages/kubernetes-1.15/kubelet-config @@ -44,11 +44,13 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.16/kubelet-config b/packages/kubernetes-1.16/kubelet-config index 518e45d593b..8d846f2a8b5 100644 --- a/packages/kubernetes-1.16/kubelet-config +++ b/packages/kubernetes-1.16/kubelet-config @@ -44,11 +44,13 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.17/kubelet-config b/packages/kubernetes-1.17/kubelet-config index 1ad0a38b431..a34de62c6cc 100644 --- a/packages/kubernetes-1.17/kubelet-config +++ b/packages/kubernetes-1.17/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.18/kubelet-config b/packages/kubernetes-1.18/kubelet-config index 1ad0a38b431..a34de62c6cc 100644 --- a/packages/kubernetes-1.18/kubelet-config +++ b/packages/kubernetes-1.18/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache diff --git a/packages/kubernetes-1.19/kubelet-config b/packages/kubernetes-1.19/kubelet-config index 5fee6bc0bc7..93cdf4ae378 100644 --- a/packages/kubernetes-1.19/kubelet-config +++ b/packages/kubernetes-1.19/kubelet-config @@ -44,12 +44,14 @@ kubeReserved: ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}" resolvConf: "/etc/resolv.conf" hairpinMode: hairpin-veth +readOnlyPort: 0 cgroupDriver: systemd cgroupRoot: "/" runtimeRequestTimeout: 15m featureGates: RotateKubeletServerCertificate: true CSIMigration: false +protectKernelDefaults: true serializeImagePulls: false serverTLSBootstrap: true configMapAndSecretChangeDetectionStrategy: Cache