Merge pull request #68982 from aruneli/master

Fixes #65869 Do not listen insecurely if secure port is specified
2018-10-03 17:32:28 -07:00
parent 16256296d2 1761031f5f
commit 5dd78df7da
3 changed files with 12 additions and 6 deletions
--- a/cmd/cloud-controller-manager/app/options/options.go
+++ b/cmd/cloud-controller-manager/app/options/options.go
@@ -51,6 +51,8 @@ import (
 const (
 	// CloudControllerManagerUserAgent is the userAgent name when starting cloud-controller managers.
 	CloudControllerManagerUserAgent = "cloud-controller-manager"
+	// DefaultInsecureCloudControllerManagerPort is the default insecure cloud-controller manager port.
+	DefaultInsecureCloudControllerManagerPort = 0
 )

 // CloudControllerManagerOptions is the main context object for the controller manager.
@@ -74,7 +76,7 @@ type CloudControllerManagerOptions struct {

 // NewCloudControllerManagerOptions creates a new ExternalCMServer with a default config.
 func NewCloudControllerManagerOptions() (*CloudControllerManagerOptions, error) {
-	componentConfig, err := NewDefaultComponentConfig(ports.InsecureCloudControllerManagerPort)
+	componentConfig, err := NewDefaultComponentConfig(DefaultInsecureCloudControllerManagerPort)
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/cloud-controller-manager/app/options/options_test.go
+++ b/cmd/cloud-controller-manager/app/options/options_test.go
@@ -37,8 +37,8 @@ func TestDefaultFlags(t *testing.T) {

 	expected := &CloudControllerManagerOptions{
 		Generic: &cmoptions.GenericControllerManagerConfigurationOptions{
-			Port:            10253,     // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
-			Address:         "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
+			Port:            DefaultInsecureCloudControllerManagerPort, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
+			Address:         "0.0.0.0",                                 // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
 			MinResyncPeriod: metav1.Duration{Duration: 12 * time.Hour},
 			ClientConnection: apimachineryconfig.ClientConnectionConfiguration{
 				ContentType: "application/vnd.kubernetes.protobuf",
@@ -85,7 +85,7 @@ func TestDefaultFlags(t *testing.T) {
 		}).WithLoopback(),
 		InsecureServing: (&apiserveroptions.DeprecatedInsecureServingOptions{
 			BindAddress: net.ParseIP("0.0.0.0"),
-			BindPort:    int(10253),
+			BindPort:    int(0),
 			BindNetwork: "tcp",
 		}).WithLoopback(),
 		Authentication: &apiserveroptions.DelegatingAuthenticationOptions{
@@ -155,8 +155,8 @@ func TestAddFlags(t *testing.T) {

 	expected := &CloudControllerManagerOptions{
 		Generic: &cmoptions.GenericControllerManagerConfigurationOptions{
-			Port:            10253,     // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
-			Address:         "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
+			Port:            DefaultInsecureCloudControllerManagerPort, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
+			Address:         "0.0.0.0",                                 // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
 			MinResyncPeriod: metav1.Duration{Duration: 100 * time.Minute},
 			ClientConnection: apimachineryconfig.ClientConnectionConfiguration{
 				ContentType: "application/vnd.kubernetes.protobuf",