From 4f82c79fa2ede9e65f39f0238d1f46e0e4af5971 Mon Sep 17 00:00:00 2001
From: gjmzj <gaojianming.zj@139.com>
Date: Mon, 2 Jul 2018 12:27:19 +0800
Subject: [PATCH] fix x509: subject with cn=system:node: is not in the allowed
 list: [aggregator]

---
 roles/kube-master/templates/kube-apiserver-v1.8.service.j2 | 2 +-
 roles/kube-master/templates/kube-apiserver.service.j2      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/kube-master/templates/kube-apiserver-v1.8.service.j2 b/roles/kube-master/templates/kube-apiserver-v1.8.service.j2
index ef0f1da..d4364e8 100644
--- a/roles/kube-master/templates/kube-apiserver-v1.8.service.j2
+++ b/roles/kube-master/templates/kube-apiserver-v1.8.service.j2
@@ -35,7 +35,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
   --audit-log-path=/var/lib/audit.log \
   --event-ttl=1h \
   --requestheader-client-ca-file={{ ca_dir }}/ca.pem \
-  --requestheader-allowed-names=aggregator \
+  --requestheader-allowed-names='' \
   --requestheader-extra-headers-prefix=X-Remote-Extra- \
   --requestheader-group-headers=X-Remote-Group \
   --requestheader-username-headers=X-Remote-User \
diff --git a/roles/kube-master/templates/kube-apiserver.service.j2 b/roles/kube-master/templates/kube-apiserver.service.j2
index 6ea4131..d0fd906 100644
--- a/roles/kube-master/templates/kube-apiserver.service.j2
+++ b/roles/kube-master/templates/kube-apiserver.service.j2
@@ -35,7 +35,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
   --audit-log-path=/var/lib/audit.log \
   --event-ttl=1h \
   --requestheader-client-ca-file={{ ca_dir }}/ca.pem \
-  --requestheader-allowed-names=aggregator \
+  --requestheader-allowed-names='' \
   --requestheader-extra-headers-prefix=X-Remote-Extra- \
   --requestheader-group-headers=X-Remote-Group \
   --requestheader-username-headers=X-Remote-User \