Add optional setting for ca data in auth webhook (#8777)
* Add optional setting for ca data in auth webhook
* add webhook token auth variables to sample inventory
pull/8795/head
David Louks
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with
16 additions and
2 deletions
-
inventory/sample/group_vars/all/all.yml
-
roles/kubernetes/control-plane/defaults/main/main.yml
-
roles/kubernetes/control-plane/templates/webhook-token-auth-config.yaml.j2
|
|
@ -113,3 +113,10 @@ no_proxy_exclude_workers: false |
|
|
|
|
|
|
|
# sysctl_file_path to add sysctl conf to |
|
|
|
# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" |
|
|
|
|
|
|
|
## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication |
|
|
|
kube_webhook_token_auth: false |
|
|
|
kube_webhook_token_auth_url_skip_tls_verify: false |
|
|
|
# kube_webhook_token_auth_url: https://... |
|
|
|
## base64-encoded string of the webhook's CA certificate |
|
|
|
# kube_webhook_token_auth_ca_data: "LS0t..." |
|
|
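Review bot: The new sample entries do not say how `kube_webhook_token_auth_ca_data` relates to `kube_webhook_token_auth_url_skip_tls_verify`, so an operator can supply the CA and still leave verification switched off. The API server sends the bearer token under review to this endpoint, so the comment should steer readers towards the CA option. I would extend the comment above the CA line to something like `## base64-encoded CA certificate of the webhook; set this and keep kube_webhook_token_auth_url_skip_tls_verify false`. The same pair of comment lines is added in roles/kubernetes/control-plane/defaults/main/main.yml and would benefit from the same wording.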
@ -111,13 +111,17 @@ kube_api_runtime_config: [] |
|
|
|
## Enable/Disable Kube API Server Authentication Methods |
|
|
|
kube_token_auth: false |
|
|
|
kube_oidc_auth: false |
|
|
|
|
|
|
|
## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication |
|
|
|
kube_webhook_token_auth: false |
|
|
|
kube_webhook_token_auth_url_skip_tls_verify: false |
|
|
|
## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication |
|
|
|
# kube_webhook_token_auth_url: https://... |
|
|
|
kube_webhook_authorization: false |
|
|
|
## base64-encoded string of the webhook's CA certificate |
|
|
|
# kube_webhook_token_auth_ca_data: "LS0t..." |
|
|
|
|
|
|
|
## Variables for webhook token authz https://kubernetes.io/docs/reference/access-authn-authz/webhook/ |
|
|
|
# kube_webhook_authorization_url: https://... |
|
|
|
kube_webhook_authorization: false |
|
|
|
kube_webhook_authorization_url_skip_tls_verify: false |
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -4,6 +4,9 @@ clusters: |
|
|
|
cluster: |
|
|
|
server: {{ kube_webhook_token_auth_url }} |
|
|
|
insecure-skip-tls-verify: {{ kube_webhook_token_auth_url_skip_tls_verify }} |
|
|
|
{% if kube_webhook_token_auth_ca_data is defined %} |
|
|
|
certificate-authority-data: {{ kube_webhook_token_auth_ca_data }} |
|
|
|
{% endif %} |
|
|
|
|
|
|
|
# users refers to the API server's webhook configuration. |
|
|
|
users: |
|
|
|
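Review bot: The `is defined` guard around `certificate-authority-data` still emits the key when the variable is defined but empty, and also when `insecure-skip-tls-verify` renders as true, so the generated kubeconfig can pin a CA and disable verification at once. As far as I know client-go rejects a config that combines a CA with the insecure flag, so this would probably fail when the API server loads the file, but it is better caught in the template. I would tighten the guard to `{% if kube_webhook_token_auth_ca_data | default('') | length > 0 and not kube_webhook_token_auth_url_skip_tls_verify | bool %}` and quote the value as `certificate-authority-data: "{{ kube_webhook_token_auth_ca_data }}"`. The enclosing `clusters:` entry starts above the hunk, so indentation and the rest of the mapping cannot be checked from here.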