Skip to content

Remove the apiserver insecure port #91506

New issue
New issue
Closed
Closed
Remove the apiserver insecure port#91506
Assignees
tallclair
Labels
kind/cleanupCategorizes issue or PR as related to cleaning up code, process, or technical debt.priority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.sig/api-machineryCategorizes an issue or PR as relevant to SIG API Machinery.sig/authCategorizes an issue or PR as relevant to SIG Auth.
Milestone
v1.21
@tallclair

Description

@tallclair
tallclair
opened on May 27, 2020

The API server's "insecure-port" has been deprecated since 1.10, but never had a deadline for removal. Previous efforts to remove the port have been blocked by requirements for http healthz checks (#43784).

I propose publishing a deadline to remove the feature in v1.20. This means that in v1.19 we:

  1. Update the deprecation notice to indicate that removal will happen in v1.20 (rather than a "future release")
  2. Add an [action required] release note to highlight the removal
  3. Figure out a path forward to meeting healthz or other requriments

For item 3, there are already out-of-tree solutions available today, such as a healthz-only proxy which can serve the same API on the same port, and authenticates as a user that only has access to healthz.

/cc @justinsb @micahhausler @deads2k @liggitt
/sig auth api-machinery
/milestone v1.20
/kind cleanup
/priority important-longterm

Metadata

Metadata

Assignees

Labels

kind/cleanupCategorizes issue or PR as related to cleaning up code, process, or technical debt.priority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.sig/api-machineryCategorizes an issue or PR as relevant to SIG API Machinery.sig/authCategorizes an issue or PR as relevant to SIG Auth.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions