Block anonymous auth requests to kubelet
Matthew Mosesohn
parent
4470ee4ccf
commit
f7703dbca3
|
|
@ -28,6 +28,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
--node-status-update-frequency={{ kubelet_status_update_frequency }} \
|
--node-status-update-frequency={{ kubelet_status_update_frequency }} \
|
||||||
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
||||||
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
||||||
|
--anonymous-auth=false \
|
||||||
{% if kube_version | version_compare('v1.8', '<') %}
|
{% if kube_version | version_compare('v1.8', '<') %}
|
||||||
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
--client-ca-file={{ kube_cert_dir }}/ca.pem \
|
--client-ca-file={{ kube_cert_dir }}/ca.pem \
|
||||||
--tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \
|
--tls-cert-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem \
|
||||||
--tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
--tls-private-key-file={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
||||||
|
--anonymous-auth=false \
|
||||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||||
{# flag got removed with 1.7.0 #}
|
{# flag got removed with 1.7.0 #}
|
||||||
{% if kube_version | version_compare('v1.7', '<') %}
|
{% if kube_version | version_compare('v1.7', '<') %}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue