Do not use default 6443 port for kube-apiserver in the container.
Instead, allow the kube-apiserver binary to bind to privileged ports

Signed-off-by: Alexey Makhov <[email protected]>
makhov committed Jul 2, 2024
1 parent 9167dfb commit 1bec097
Showing 2 changed files with 10 additions and 1 deletion.
Expand Up @@ -372,6 +372,9 @@ func (r *RemoteMachineController) getSSHKey(ctx context.Context, rm *infrastruct
}

func (r *RemoteMachineController) getBootstrapData(ctx context.Context, machine *clusterv1.Machine) ([]byte, error) {
if machine.Spec.Bootstrap.DataSecretName == nil {
return nil, fmt.Errorf("wait for bootstap secret for the machine: %s", machine.Name)
}
secret := &v1.Secret{}
key := client.ObjectKey{
Namespace: machine.Namespace,
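Review bot: The new error text in getBootstrapData misspells bootstrap as `bootstap`, which makes the message harder to search for in controller logs; suggest `return nil, fmt.Errorf("wait for bootstrap secret for the machine: %s", machine.Name)`. A nil DataSecretName looks like an expected transient state while the bootstrap data is still being produced, so the caller may want to requeue quietly rather than surface it as a reconcile error; how the caller treats the returned error is not visible in this hunk. The function body continues past the end of the hunk.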
Expand Up @@ -38,9 +38,10 @@ func init() {

func (r *ClusterReconciler) generateEntrypointCM(kmc *km.Cluster) (v1.ConfigMap, error) {
var entrypointBuf bytes.Buffer
err := entrypointTmpl.Execute(&entrypointBuf, map[string]string{
err := entrypointTmpl.Execute(&entrypointBuf, map[string]interface{}{
"KineDataSourceURLPlaceholder": kineDataSourceURLPlaceholder,
"K0sControllerArgs": r.getControllerFlags(kmc),
"PrivilegedPortIsUsed": kmc.Spec.Service.APIPort <= 1024,
})
if err != nil {
return v1.ConfigMap{}, err
Expand Down Expand Up @@ -110,6 +111,11 @@ mkdir /etc/k0s && echo "$K0SMOTRON_K0S_YAML" > /etc/k0s/k0s.yaml
# Substitute the kine datasource URL from the env var
sed -i "s {{ .KineDataSourceURLPlaceholder }} ${K0SMOTRON_KINE_DATASOURCE_URL} g" /etc/k0s/k0s.yaml
{{if .PrivilegedPortIsUsed}}
apk add --no-cache libcap
{ while ! setcap 'cap_net_bind_service=+ep' /var/lib/k0s/bin/kube-apiserver; do sleep 1 ; done ; } &
{{end}}
# Run the k0s controller
k0s controller {{ .K0sControllerArgs }}
`
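Review bot: The added entrypoint block runs `apk add --no-cache libcap` on every container start and ignores its result, so the control plane pod now depends on a reachable package mirror at runtime and installs an unpinned package into the control plane container. If the install fails (air-gapped cluster, restrictive egress policy), `setcap` is missing and the background `while ! setcap ...` loop retries forever without a log line while kube-apiserver cannot bind the port. Shipping libcap in the image is the cleaner fix; failing that, fail fast with `apk add --no-cache libcap || { echo "libcap install failed" >&2; exit 1; }` and give the loop an upper bound. The loop also appears to race with k0s starting kube-apiserver, so the first start may still fail to bind and depend on a restart. Separately, in generateEntrypointCM `kmc.Spec.Service.APIPort <= 1024` treats port 1024 as privileged, whereas the Linux default boundary is ports below 1024, so `< 1024` would match it.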
