epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 19:58:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow webhook authorization (#6502)

Browse Source
This commit is contained in:
Sulochan Acharya
2020-08-24 14:29:41 +01:00
committed by GitHub
parent 0c80d3d9fa
commit 36924b63dc
5 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
View File

@@ -154,6 +154,9 @@ apiServer:
{% if kube_webhook_token_auth|default(false) %}
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
{% endif %}
{% if kube_webhook_authorization|default(false) %}
authorization-webhook-config-file: {{ kube_config_dir }}/webhook-authorization-config.yaml
{% endif %}
{% if kube_encrypt_secret_data %}
encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
{% endif %}
@@ -218,6 +221,11 @@ apiServer:
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
{% endif %}
{% if kube_webhook_authorization|default(false) %}
- name: webhook-authorization-config
hostPath: {{ kube_config_dir }}/webhook-authorization-config.yaml
mountPath: {{ kube_config_dir }}/webhook-authorization-config.yaml
{% endif %}
{% if kubernetes_audit or kubernetes_audit_webhook %}
- name: {{ audit_policy_name }}
hostPath: {{ audit_policy_hostpath }}