epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-08 11:07:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added support for webhook authentication/authorization on the secure kubelet endpoint

Browse Source
This commit is contained in:
Jonas Kongslund
2018-01-21 14:34:37 +04:00
parent 84e47f4aaa
commit a800ed094b
6 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/kubespray-defaults/defaults/main.yaml
View File

@@ -197,6 +197,12 @@ openstack_lbaas_monitor_max_retries: "3"
authorization_modes: ['Node', 'RBAC']
rbac_enabled: "{{ 'RBAC' in authorization_modes or kubeadm_enabled }}"
# When enabled, API bearer tokens (including service account tokens) can be used to authenticate to the kubelets HTTPS endpoint
kubelet_authentication_token_webhook: false
# When enabled, access to the kubelet API requires authorization by delegation to the API server
kubelet_authorization_mode_webhook: false
## List of key=value pairs that describe feature gates for
## the k8s cluster.
kube_feature_gates: