Add kube anon auth settings to kubeadm config templates (#4713)

* Disable kube_api_anonymous_auth by default to secure the setup

* Disable metrics-server in addons. Health endpoint is slow and unstable

* Fix anonymous-auth missing in configuration

* Cleanup a bit

* Fix kube anon auth
pull/4731/head
Andreas Krüger 2019-05-07 21:52:34 +02:00 committed by Kubernetes Prow Robot
parent 03bded2b6b
commit bf3c6aeed1
3 changed files with 6 additions and 3 deletions


@ -50,6 +50,9 @@ certificatesDir: {{ kube_cert_dir }}
imageRepository: {{ kube_image_repo }} imageRepository: {{ kube_image_repo }}
unifiedControlPlaneImage: "" unifiedControlPlaneImage: ""
apiServerExtraArgs: apiServerExtraArgs:
{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %}
anonymous-auth: "{{ kube_api_anonymous_auth }}"
{% endif %}
authorization-mode: {{ authorization_modes | join(',') }} authorization-mode: {{ authorization_modes | join(',') }}
bind-address: {{ kube_apiserver_bind_address }} bind-address: {{ kube_apiserver_bind_address }}
{% if kube_apiserver_insecure_port|string != "0" %} {% if kube_apiserver_insecure_port|string != "0" %}
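Review bot: The `is defined` guard around `anonymous-auth` fails open: when `kube_api_anonymous_auth` is unset the line is not rendered and kube-apiserver falls back to its built-in default, which accepts anonymous requests. The commit message says the variable is disabled by default, but no defaults file is among the three files shown here, so that cannot be confirmed from this page. Rendering the flag unconditionally with an explicit fallback would keep the hardened value even if the default is dropped later, for example `anonymous-auth: "{{ kube_api_anonymous_auth | default(false) | bool | lower }}"`; the `bool | lower` part also normalises values such as `yes` that the flag parser may not accept. The same guard is repeated under `apiServer.extraArgs` in the second template, and the mapping continues outside this hunk.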


@ -47,6 +47,9 @@ imageRepository: {{ kube_image_repo }}
useHyperKubeImage: false useHyperKubeImage: false
apiServer: apiServer:
extraArgs: extraArgs:
{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %}
anonymous-auth: "{{ kube_api_anonymous_auth }}"
{% endif %}
authorization-mode: {{ authorization_modes | join(',') }} authorization-mode: {{ authorization_modes | join(',') }}
bind-address: {{ kube_apiserver_bind_address }} bind-address: {{ kube_apiserver_bind_address }}
{% if kube_apiserver_insecure_port|string != "0" %} {% if kube_apiserver_insecure_port|string != "0" %}
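Review bot: The new `anonymous-auth` entry under `extraArgs` carries no comment on its operational side effects, and switching it off changes more than who can read the API. With the value `false`, unauthenticated callers are rejected, which presumably includes credential-less health probes against `/healthz` and the anonymous `cluster-info` lookup that kubeadm token discovery relies on; this is worth verifying with a node join before the setting is rolled out. I would add a template comment above the `{% if %}`, such as `{# anonymous-auth=false also rejects unauthenticated /healthz probes and kubeadm token discovery; verify node join #}`.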


@ -90,6 +90,3 @@
with_nested: with_nested:
- "{{ pod_names }}" - "{{ pod_names }}"
- "{{ pod_ips }}" - "{{ pod_ips }}"
- name: Delete test namespace
shell: "{{ bin_dir }}/kubectl delete namespace test"