Skip to content

connectivity-check: Use unprivileged ports #12948

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 24, 2020
Merged

connectivity-check: Use unprivileged ports #12948

merged 1 commit into from
Aug 24, 2020

Conversation

tgraf
Copy link
Member

@tgraf tgraf commented Aug 21, 2020

Use of port 80 causes unnecessary requirements for k8s environments to
allow pods to bind to privileged ports. Switch to port 8080 instead.

@tgraf
connectivity-check: Use unprivileged ports
30e526c 
Use of port 80 causes unnecessary requirements for k8s environments to
allow pods to bind to privileged ports. Switch to port 8080 instead.

Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf tgraf added area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Aug 21, 2020
@tgraf tgraf requested a review from a team August 21, 2020 11:57
@tgraf
Copy link
Member Author

tgraf commented Aug 21, 2020

test-me-please

sayboras
sayboras approved these changes Aug 21, 2020
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 💯

Just curious if there is any plan to use unprivileged ports for cilium services as well. If I am not wrong, some hubble related service might still use port 80.

@tgraf
Copy link
Member Author

tgraf commented Aug 21, 2020

test-me-please

@gandro
Copy link
Member

gandro commented Aug 24, 2020

@sayboras

Just curious if there is any plan to use unprivileged ports for cilium services as well. If I am not wrong, some hubble related service might still use port 80.

I think the Hubble related services you might be referring to (hubble-relay and hubble-ui) are only using port 80 on the service frontend, but not the container (target) port. hubble-relay listens on port 4245, hubble-ui on port 12000.

In that case, I don't think we suffer the problem this PR is addressing (which is fixing up the container ports)

@tgraf tgraf merged commit aacc6e7 into master Aug 24, 2020
@tgraf tgraf deleted the pr/tgraf/unprivileged-ports branch August 24, 2020 09:44
@brb brb mentioned this pull request Aug 25, 2020
Merged
This was referenced Aug 27, 2020
Merged
Merged
@kaworu kaworu mentioned this pull request Sep 7, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joestringer joestringer joestringer approved these changes

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tgraf @gandro @joestringer @sayboras @kaworu