mirror of https://github.com/easzlab/kubeasz.git
修复kubelet安全策略 (#192)
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/ By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated. To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests: start the kubelet with the --anonymous-auth=false flagpull/883/head
parent
a03fe10ee2
commit
6b6de7881e
|
@ -22,6 +22,7 @@ ExecStart={{ bin_dir }}/kubelet \
|
|||
--hairpin-mode hairpin-veth \
|
||||
--allow-privileged=true \
|
||||
--fail-swap-on=false \
|
||||
--anonymous-auth=false \
|
||||
--logtostderr=true \
|
||||
--v=2
|
||||
#kubelet cAdvisor 默认在所有接口监听 4194 端口的请求, 以下iptables限制内网访问
|
||||
|
|
Loading…
Reference in New Issue