Kay Yan
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with
1 additions and
4 deletions
-
docs/hardening.md
-
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
-
tests/files/packet_ubuntu20-calico-aio-hardening.yml
|
|
@ -76,8 +76,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true"] |
|
|
|
|
|
|
|
## kube-scheduler |
|
|
|
kube_scheduler_bind_address: 127.0.0.1 |
|
|
|
kube_kubeadm_scheduler_extra_args: |
|
|
|
profiling: false |
|
|
|
# AppArmor-based OS |
|
|
|
# kube_scheduler_feature_gates: ["AppArmor=true"] |
|
|
|
|
|
|
|
|
|
@ -351,6 +351,7 @@ scheduler: |
|
|
|
{% if kube_scheduler_feature_gates or kube_feature_gates %} |
|
|
|
feature-gates: "{{ kube_scheduler_feature_gates | default(kube_feature_gates, true) | join(',') }}" |
|
|
|
{% endif %} |
|
|
|
profiling: "{{ kube_profiling }}" |
|
|
|
{% if kube_kubeadm_scheduler_extra_args|length > 0 %} |
|
|
|
{% for key in kube_kubeadm_scheduler_extra_args %} |
|
|
|
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" |
|
|
|
|
|
@ -70,8 +70,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true", "AppArmor |
|
|
|
|
|
|
|
## kube-scheduler |
|
|
|
kube_scheduler_bind_address: 127.0.0.1 |
|
|
|
kube_kubeadm_scheduler_extra_args: |
|
|
|
profiling: false |
|
|
|
# AppArmor-based OS |
|
|
|
kube_scheduler_feature_gates: ["AppArmor=true"] |
|
|
|
|
|
|
|