github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Run cAdvisor on the same interface as kubelet

Browse Source 
cAdvisor currently binds to all interfaces. Currently the only
solution is to use iptables to block access to the port. We
are better off making cAdvisor to bind to the interface that
kubelet uses for better security.

Fixes #11710
This commit is contained in:
Davanum Srinivas
2017-06-08 15:56:59 -04:00
parent 038d194723
commit 7e5c43a042
5 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/e2e_node/environment/conformance.go
View File

@@ -99,7 +99,7 @@ func containerRuntime() error {
}
// Setup cadvisor to check the container environment
c, err := cadvisor.New(0 /*don't start the http server*/, "docker", "/var/lib/kubelet")
c, err := cadvisor.New("", 0 /*don't start the http server*/, "docker", "/var/lib/kubelet")
if err != nil {
return printError("Container Runtime Check: %s Could not start cadvisor %v", failed, err)
}