修复kubelet安全策略 (#192)

https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:

start the kubelet with the --anonymous-auth=false flag

roles/kube-node/templates/kubelet.service.j2

@@ -22,6 +22,7 @@ ExecStart={{ bin_dir }}/kubelet \
   --hairpin-mode hairpin-veth \
   --allow-privileged=true \
   --fail-swap-on=false \
+  --anonymous-auth=false \
   --logtostderr=true \
   --v=2
 #kubelet cAdvisor 默认在所有接口监听 4194 端口的请求, 以下iptables限制内网访问