Browse Source
disable kubelet_authorization_mode_webhook by default (#9239)
pull/9253/head
v2.19.1
Cristian Calin
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
1 additions and
2 deletions
-
docs/hardening.md
-
roles/kubespray-defaults/defaults/main.yaml
|
|
@ -74,7 +74,6 @@ kube_kubeadm_scheduler_extra_args: |
|
|
|
etcd_deployment_type: kubeadm |
|
|
|
|
|
|
|
## kubelet |
|
|
|
kubelet_authorization_mode_webhook: true |
|
|
|
kubelet_authentication_token_webhook: true |
|
|
|
kube_read_only_port: 0 |
|
|
|
kubelet_rotate_server_certificates: true |
|
|
|
|
|
@ -484,7 +484,7 @@ rbac_enabled: "{{ 'RBAC' in authorization_modes }}" |
|
|
|
kubelet_authentication_token_webhook: true |
|
|
|
|
|
|
|
# When enabled, access to the kubelet API requires authorization by delegation to the API server |
|
|
|
kubelet_authorization_mode_webhook: true |
|
|
|
kubelet_authorization_mode_webhook: false |
|
|
|
|
|
|
|
# kubelet uses certificates for authenticating to the Kubernetes API |
|
|
|
# Automatically generate a new key and request a new certificate from the Kubernetes API as the current certificate approaches expiration |
|
|
|