richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove --auth-anonymous if kube_api_anonymous_auth is undefined. (#12353) 

Remove --auth-anonymous if kube_api_anonymous_auth in undefined, to avoid
compatibility errors with other arguments of the kube-apiserver, such as
--authentication-config when anonymous field is configured.
pull/11994/head
Psycho Mantys 2 months ago
committed by GitHub
parent
96c39ae7fd
commit
5b1334102b
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
  2. 3
      roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
  3. 1
      roles/kubespray_defaults/defaults/main/main.yml

3
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
View File

@ -109,7 +109,10 @@ apiServer:
etcd-compaction-interval: "{{ kube_apiserver_etcd_compaction_interval }}"
default-not-ready-toleration-seconds: "{{ kube_apiserver_pod_eviction_not_ready_timeout_seconds }}"
default-unreachable-toleration-seconds: "{{ kube_apiserver_pod_eviction_unreachable_timeout_seconds }}"
{% if kube_api_anonymous_auth is defined %}
{# TODO: rework once suppport for structured auth lands #}
anonymous-auth: "{{ kube_api_anonymous_auth }}"
{% endif %}
{% if kube_apiserver_use_authorization_config_file %}
authorization-config: "{{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml"
{% else %}

3
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View File

@ -131,8 +131,11 @@ apiServer:
value: "{{ kube_apiserver_pod_eviction_not_ready_timeout_seconds }}"
- name: default-unreachable-toleration-seconds
value: "{{ kube_apiserver_pod_eviction_unreachable_timeout_seconds }}"
{% if kube_api_anonymous_auth is defined %}
{# TODO: rework once suppport for structured auth lands #}
- name: anonymous-auth
value: "{{ kube_api_anonymous_auth }}"
{% endif %}
{% if kube_apiserver_use_authorization_config_file %}
- name: authorization-config
value: "{{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml"

1
roles/kubespray_defaults/defaults/main/main.yml
View File

@ -11,6 +11,7 @@ ping_access_ip: true
# Setting this value to false will fail
# For details, read this comment https://github.com/kubernetes-sigs/kubespray/pull/11016#issuecomment-2004985001
# if kube_api_anonymous_auth: "{{ undef() }}", remove --anonymous-auth argument
kube_api_anonymous_auth: true
# Default value, but will be set to true automatically if detected

Write Preview
Loading…
Cancel
Save