Adds support for webhook token auth. (#3939)

Webhook token auth:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication

Fixes #3063.
Seongjin Cho
2018-12-26 18:52:53 +09:00
committed by Kubernetes Prow Robot
parent 100d972cea
commit 16715adfa0
7 changed files with 63 additions and 4 deletions


@@ -99,6 +99,9 @@ apiServerExtraArgs:
oidc-groups-claim: {{ kube_oidc_groups_claim }}
{% endif %}
{% endif %}
{% if kube_webhook_token_auth|default(false) %}
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
{% endif %}
{% if kube_encrypt_secret_data %}
experimental-encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
{% endif %}
@@ -152,7 +155,7 @@ schedulerExtraArgs:
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %}
{% endif %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
apiServerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
@@ -169,6 +172,11 @@ apiServerExtraVolumes:
hostPath: {{ kube_token_dir }}
mountPath: {{ kube_token_dir }}
{% endif %}
{% if kube_webhook_token_auth|default(false) %}
- name: webhook-token-auth-config
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
{% endif %}
{% endif %}
apiServerCertSANs:
{% for san in apiserver_sans.split() | unique %}
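Review bot: The `webhook-token-auth-config` volume added at the end of `apiServerExtraVolumes` bind-mounts a single file by hostPath without stating its type, so if `{{ kube_config_dir }}/webhook-token-auth-config.yaml` is not on the host when the static pod starts, the container runtime may create a directory at that path and kube-apiserver then cannot read the file named by `authentication-token-webhook-config-file` in the first hunk. If the kubeadm config version this template targets has the field, adding `pathType: File` under `mountPath` would make the pod fail with a clear mount error instead. The file is a kubeconfig for the webhook and can carry the API server's client key, so the task that writes it (not visible in this section) should leave it root-owned and not world-readable. A short Jinja comment above the block, `{# webhook kubeconfig; must exist on the host before kubeadm runs #}`, would record the ordering requirement.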