infraly / k8s-on-openstack

An opinionated way to deploy a Kubernetes cluster on top of an OpenStack cloud.
Apache License 2.0
112 stars, 48 forks

Too many ports are exposed by default on the master (and nodes with non-default configuration) #26

Closed ctrlaltdel closed 6 years ago

ctrlaltdel commented 6 years ago

Here's how a portscan of the master node looks on a brand-new deployment using 39bd807aa36ea2ed5c54607a7d27534a0c3fd640. To improve out-of-the-box security, we should try to limit the number of ports opened by default.

$ sudo nmap -p- -T aggressive XXX

Nmap scan report for XXX
Host is up (0.0011s latency).
Not shown: 65525 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
6443/tcp  open  sun-sr-https
8443/tcp  open  https-alt
10250/tcp open  unknown
10254/tcp open  unknown
10255/tcp open  unknown
10256/tcp open  unknown
18080/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1597.97 seconds
$
ctrlaltdel commented 6 years ago

Here's the result with the latest code.

Nmap scan report for XXXXXX
Host is up (0.011s latency).
Not shown: 65531 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
6443/tcp open  sun-sr-https

Nmap done: 1 IP address (1 host up) scanned in 1838.11 seconds
$
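The two scans in this thread are the "before" and "after" of the fix, and a practitioner re-deploying the cluster wants a repeatable way to verify that the exposed surface has not regressed. The check below is an added example, not part of k8s-on-openstack: it parses nmap's normal-format report, diffs the open TCP ports against an allowlist, and labels the leftovers that are well-known Kubernetes listeners. The allowlist (22, 80, 443, 6443, i.e. what the final scan in the thread shows) and the port labels are assumptions for this example; the two sample reports are copied from the issue above.

```python
"""Check an nmap report of a Kubernetes control-plane node against an allowlist.

Added example, not part of the k8s-on-openstack project. The allowlist and the
port labels below are assumptions; adjust them to the deployment (for example,
drop 80/tcp if no plain-HTTP ingress is meant to be published).
"""
import re
from typing import Dict, Set

# Ports the master is expected to expose publicly (assumption: the set left open
# by the second scan in the issue).
EXPECTED_PUBLIC_PORTS: Set[int] = {22, 80, 443, 6443}

# Conventional default ports of Kubernetes components that should stay reachable
# only from inside the cluster network. Labels are the usual defaults; confirm
# against the kubelet / kube-proxy / ingress configuration actually deployed.
INTERNAL_PORT_NAMES: Dict[int, str] = {
    10250: "kubelet API",
    10255: "kubelet read-only API",
    10256: "kube-proxy health endpoint",
    10254: "ingress-nginx health/metrics endpoint",
}

# One nmap "normal output" port line: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)", re.M
)


def parse_open_ports(report: str) -> Set[int]:
    """Return the TCP ports that an nmap normal-format report lists as open."""
    return {
        int(m.group("port"))
        for m in PORT_LINE.finditer(report)
        if m.group("proto") == "tcp" and m.group("state") == "open"
    }


def unexpected_ports(report: str, allowlist: Set[int] = EXPECTED_PUBLIC_PORTS) -> Dict[int, str]:
    """Open ports outside the allowlist, mapped to a label when the port is a known k8s listener."""
    extra = sorted(parse_open_ports(report) - allowlist)
    return {port: INTERNAL_PORT_NAMES.get(port, "unknown") for port in extra}


# Sample reports copied from the issue (hosts anonymised there as XXX).
FIRST_SCAN = """Nmap scan report for XXX
Host is up (0.0011s latency).
Not shown: 65525 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
6443/tcp  open  sun-sr-https
8443/tcp  open  https-alt
10250/tcp open  unknown
10254/tcp open  unknown
10255/tcp open  unknown
10256/tcp open  unknown
18080/tcp open  unknown
"""

SECOND_SCAN = """Nmap scan report for XXXXXX
Host is up (0.011s latency).
Not shown: 65531 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
6443/tcp open  sun-sr-https
"""

if __name__ == "__main__":
    for name, report in (("before fix", FIRST_SCAN), ("after fix", SECOND_SCAN)):
        extra = unexpected_ports(report)
        verdict = "OK" if not extra else f"FAIL {extra}"
        print(f"{name}: {verdict}")
```

Run it against a fresh scan of a newly deployed master (`nmap -p- -oN report.txt <master>` and feed the file to `unexpected_ports`); a non-empty result is a regression of this issue and can fail a post-deploy check. Note that the second scan reports the remaining ports as "filtered" rather than "closed", which is what you expect once a security group drops the traffic instead of the host refusing it.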