Browse Source
Merge pull request #2898 from kubernetes-incubator/default_true_authtoken
Enable by default the kubelet token auth
pull/2895/merge
Andreas Krüger
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
1 additions and
1 deletions
-
roles/kubespray-defaults/defaults/main.yaml
|
|
@ -210,7 +210,7 @@ authorization_modes: ['Node', 'RBAC'] |
|
|
rbac_enabled: "{{ 'RBAC' in authorization_modes or kubeadm_enabled }}" |
|
|
rbac_enabled: "{{ 'RBAC' in authorization_modes or kubeadm_enabled }}" |
|
|
|
|
|
|
|
|
# When enabled, API bearer tokens (including service account tokens) can be used to authenticate to the kubelet’s HTTPS endpoint |
|
|
# When enabled, API bearer tokens (including service account tokens) can be used to authenticate to the kubelet’s HTTPS endpoint |
|
|
kubelet_authentication_token_webhook: false |
|
|
|
|
|
|
|
|
kubelet_authentication_token_webhook: true |
|
|
|
|
|
|
|
|
# When enabled, access to the kubelet API requires authorization by delegation to the API server |
|
|
# When enabled, access to the kubelet API requires authorization by delegation to the API server |
|
|
kubelet_authorization_mode_webhook: false |
|
|
kubelet_authorization_mode_webhook: false |
|
|
|
