epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 11:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Security best practice fixes (#1783)

Browse Source 
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
This commit is contained in:
Matthew Mosesohn
2017-10-15 20:41:17 +01:00
committed by GitHub
parent 66e5e14bac
commit d487b2f927
9 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
View File

@@ -37,9 +37,11 @@ spec:
- --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
- --node-monitor-period={{ kube_controller_node_monitor_period }}
- --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
- --profiling=false
- --terminated-pod-gc-threshold=12500
- --v={{ kube_log_level }}
{% if rbac_enabled %}
- --use-service-account-credentials
- --use-service-account-credentials=true
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere"] %}
- --cloud-provider={{cloud_provider}}