To ensure the Controller Manager service is bound to secure loopback
address and a secure port,
set the RotateKubeletServerCertificate option to true
in the openshift-kube-controller-manager configmap on the master
node(s):
"extendedArguments": {
...
"port": ["0"],
...
It is also acceptable for a system to deprecate the insecure port:
"extendedArguments": {
...
...