Update service definition to bind to 127.0.0.1 (#9752)

Current service definition will result in an insecure kubelet per the example here:
https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c

This change updates the kubelet configuration to bind to 127.0.0.1 so that the kubelet API does not allow unauthenticated access to the kubelet API.
pull/9753/head
Duffie Cooley 2018-08-03 16:56:27 -07:00 committed by k8s-ci-robot
parent 5bcd5df3f3
commit de9accfca3
1 changed files with 1 additions and 1 deletions


@ -54,7 +54,7 @@ this example.
cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
[Service]
ExecStart=
ExecStart=/usr/bin/kubelet --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true
ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true
Restart=always
EOF
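Review bot: The added `ExecStart` line relies on `--address=127.0.0.1` alone to close off unauthenticated access; it sets no authentication flag, so the kubelet API still accepts anonymous requests from any process on the host itself, and `--allow-privileged=true` is kept. Consider adding `--anonymous-auth=false` to the same line if this etcd-only setup can tolerate it, or add a sentence to the surrounding doc text stating that the loopback bind is the only control in place here and why it is considered sufficient. It would also help readers who already applied the old drop-in if the doc noted that the file must be rewritten and the kubelet restarted (`systemctl daemon-reload` followed by `systemctl restart kubelet`) for the new bind address to take effect.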