Granular authentication Control

It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding or
removing the required arguments to the Kube API Server and generating
the secrets accordingly.

The x509 authentication is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
Vincent Schwarzer
2017-02-27 14:15:50 +01:00
parent 3feab1cb2d
commit 026da060f2
5 changed files with 21 additions and 5 deletions

@@ -33,7 +33,7 @@
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
backup: yes
with_dict: "{{ kube_users }}"
when: inventory_hostname in "{{ groups['kube-master'] }}"
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
notify: set secret_changed
#
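
Review bot: In the changed `when:` line, `kube_basic_auth|default(true)` is tested without a `|bool` cast, so a value that arrives as the string "false" (for example from an INI inventory or `-e kube_basic_auth=false`) is a non-empty string and still evaluates as true, which keeps the basic auth users provisioned. Suggest `and kube_basic_auth|default(true)|bool`. Skipping this task also only stops new entries from being written: a users file left by an earlier run, together with the copies made by `backup: yes`, stays on the master and still holds the passwords, so turning the method off should also remove that file.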