This is a potential security risk, be sure to firewall the access to it.

services: # ... kubelet: extra_args: read-only-port: 10255

Working perfectly !

be sure to firewall the access to it

Given master has IP address XX.XX.XXX.XXX and worker YYY.YYY.YY.YY, is the following correct for you ? :

$ ssh [email protected]
$ iptables -A INPUT -p tcp --dport 10255 -s YYY.YYY.YY.YY -j ACCEPT
$ iptables -A INPUT -p tcp --dport 10255 -j DROP
$ logout

$ ssh [email protected]
$ iptables -A INPUT -p tcp --dport 10255 -s XX.XX.XXX.XXX -j ACCEPT
$ iptables -A INPUT -p tcp --dport 10255 -j DROP
$ logout

... kubelet: extra_args: read-only-port: 10255

Could you tell me where to add this?

This is a potential security risk, be sure to firewall the access to it.

  # ...
  kubelet:
    extra_args:
      read-only-port: 10255

where should i add this

  --read-only-port int32

kubenetes1.12.0

The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable) (default 10255) (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)

So I'm facing this problem right now, Anyone can explain how to solve it further? I need to open 10255 for telegraf's K8S input plugin. I installed HA cluster using the rke method.

@MoHD20 https://sealyun.com/post/heapster-error/ I solved it by change heapster flags

--source=kubernetes:https://kubernetes.default:443?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I updated the --source from the Kubernetes heapster deployment and it works, thank you @fanux