Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. (#4489)

5 years ago · 3b9d13fda9
2 changed files with 2 additions and 2 deletions
--- a/roles/kubernetes/node/templates/haproxy.cfg.j2
+++ b/roles/kubernetes/node/templates/haproxy.cfg.j2
@ -27,7 +27,7 @@ frontend healthz
 {% endif %}

 frontend kube_api_frontend
-  bind *:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
+  bind 127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
  mode tcp
  option tcplog
  default_backend kube_api_backend
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@ -19,7 +19,7 @@ stream {
  }

  server {
-    listen        {{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
+    listen        127.0.0.1:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }};
    proxy_pass    kube_apiserver;
    proxy_timeout 10m;
    proxy_connect_timeout 1s;