Allow bearer token authn/authz to the Kubelet

* Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to systems:masters
to grant the apiserver admin and satisfy the authorization
requirement. kubectl commands like logs or exec that have
the apiserver make requests of a kubelet continue to work
as before
* https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
* https://github.com/poseidon/typhoon/issues/215
Dalton Hubble
2018-05-13 23:20:42 -07:00
parent 5eb11f5104
commit 37981f9fb1
25 changed files with 43 additions and 8 deletions


@ -6,6 +6,9 @@ Notable changes between versions.
* Update etcd from v3.3.4 to v3.3.5 ([#213](https://github.com/poseidon/typhoon/pull/213))
* Require Terraform v0.11.x and drop support for v0.10.x ([migration guide](https://typhoon.psdn.io/topics/maintenance/#terraform-v011x))
* Allow bearer token authentication to the Kubelet ([#216](https://github.com/poseidon/typhoon/issues/215))
* Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to satisfy new authorization requirement
#### AWS
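Review bot: The link label in the "Allow bearer token authentication to the Kubelet" entry reads #216 while its URL targets issues/215, the issue the commit message cites; make the label and target agree (either label it #215 or point the URL at the item actually meant by #216). The "Switch apiserver X509 client cert org" entry also does not name the new organization or say that it grants the apiserver admin, both of which the commit message states. Since this changes the privileges bound to the apiserver's client certificate, the changelog line should name the org explicitly so operators auditing certificate subjects and Kubelet authorization know what to expect after upgrading.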