epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-08 11:07:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Security best practice fixes (#1783)

Browse Source 
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
This commit is contained in:
Matthew Mosesohn
2017-10-15 20:41:17 +01:00
committed by GitHub
parent 66e5e14bac
commit d487b2f927
9 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/master/defaults/main.yml
View File

@@ -52,8 +52,8 @@ kube_api_runtime_config:
- admissionregistration.k8s.io/v1alpha1
## Enable/Disable Kube API Server Authentication Methods
kube_basic_auth: true
kube_token_auth: true
kube_basic_auth: false
kube_token_auth: false
kube_oidc_auth: false
## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/