Merge pull request #9899 from olemarkus/remove-insecure-bind-address

Don't explicitly set insecure-bind-address on newer k8s

nodeup/pkg/model/tests/golden/awsiam/tasks-kube-apiserver.yaml

@@ -49,7 +49,6 @@ contents: |
       - --etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key
       - --etcd-servers-overrides=/events#https://127.0.0.1:4002
       - --etcd-servers=https://127.0.0.1:4001
-      - --insecure-bind-address=127.0.0.1
       - --insecure-port=0
       - --kubelet-client-certificate=/srv/kubernetes/kubelet-api.crt
       - --kubelet-client-key=/srv/kubernetes/kubelet-api.key

nodeup/pkg/model/tests/golden/minimal/tasks-kube-apiserver.yaml

@@ -27,7 +27,6 @@ contents: |
       - --etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key
       - --etcd-servers-overrides=/events#https://127.0.0.1:4002
       - --etcd-servers=https://127.0.0.1:4001
-      - --insecure-bind-address=127.0.0.1
       - --insecure-port=0
       - --kubelet-client-certificate=/srv/kubernetes/kubelet-api.crt
       - --kubelet-client-key=/srv/kubernetes/kubelet-api.key

nodeup/pkg/model/tests/golden/side-loading/tasks-kube-apiserver-amd64.yaml

@@ -27,7 +27,6 @@ contents: |
       - --etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key
       - --etcd-servers-overrides=/events#https://127.0.0.1:4002
       - --etcd-servers=https://127.0.0.1:4001
-      - --insecure-bind-address=127.0.0.1
       - --insecure-port=0
       - --kubelet-client-certificate=/srv/kubernetes/kubelet-api.crt
       - --kubelet-client-key=/srv/kubernetes/kubelet-api.key

nodeup/pkg/model/tests/golden/side-loading/tasks-kube-apiserver-arm64.yaml

@@ -27,7 +27,6 @@ contents: |
       - --etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key
       - --etcd-servers-overrides=/events#https://127.0.0.1:4002
       - --etcd-servers=https://127.0.0.1:4001
-      - --insecure-bind-address=127.0.0.1
       - --insecure-port=0
       - --kubelet-client-certificate=/srv/kubernetes/kubelet-api.crt
       - --kubelet-client-key=/srv/kubernetes/kubelet-api.key

pkg/model/components/apiserver.go

@@ -162,7 +162,6 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	c.SecurePort = 443
 
 	c.BindAddress = "0.0.0.0"
-	c.InsecureBindAddress = "127.0.0.1"
 
 	c.AllowPrivileged = fi.Bool(true)
 	c.ServiceClusterIPRange = clusterSpec.ServiceClusterIPRange
@@ -217,9 +216,11 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 
 	if b.IsKubernetesGTE("1.17") {
 		// We query via the kube-apiserver-healthcheck proxy, which listens on port 3990
+		c.InsecureBindAddress = ""
 		c.InsecurePort = 0
 	} else {
 		// Older versions of kubernetes continue to rely on the insecure port: kubernetes issue #43784
+		c.InsecureBindAddress = "127.0.0.1"
 		c.InsecurePort = 8080
 	}
 

tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml

@@ -195,7 +195,6 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope
     etcdServersOverrides:
     - /events#http://127.0.0.1:4002
     image: k8s.gcr.io/kube-apiserver:v1.18.0
-    insecureBindAddress: 127.0.0.1
     kubeletPreferredAddressTypes:
     - InternalIP
     - Hostname

tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data

@@ -193,7 +193,6 @@ kubeAPIServer:
   etcdServersOverrides:
   - /events#http://127.0.0.1:4002
   image: k8s.gcr.io/kube-apiserver:v1.18.0
-  insecureBindAddress: 127.0.0.1
   kubeletPreferredAddressTypes:
   - InternalIP
   - Hostname