mirror of https://github.com/puppetmaster/typhoon.git, synced 2025-10-20 19:55:57 +02:00

	Allow bearer token authn/authz to the Kubelet

* Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to systems:masters to grant the apiserver admin and satisfy the authorization requirement. kubectl commands like logs or exec that have the apiserver make requests of a kubelet continue to work as before
* https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
* https://github.com/poseidon/typhoon/issues/215

		| @@ -49,6 +49,8 @@ systemd: | ||||
|         ExecStart=/usr/lib/coreos/kubelet-wrapper \ | ||||
|           --allow-privileged \ | ||||
|           --anonymous-auth=false \ | ||||
|           --authentication-token-webhook \ | ||||
|           --authorization-mode=Webhook \ | ||||
|           --client-ca-file=/etc/kubernetes/ca.crt \ | ||||
|           --cluster_dns=${k8s_dns_service_ip} \ | ||||
|           --cluster_domain=${cluster_domain_suffix} \ | ||||
|   | ||||
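
Review bot: The two flags added to ExecStart (`--authentication-token-webhook` and `--authorization-mode=Webhook`) make the kubelet call the apiserver's TokenReview and SubjectAccessReview APIs for incoming requests, but nothing in this hunk shows that the kubelet's own credential is permitted to create those objects; if it is not, bearer-token requests are rejected instead of delegated. Please confirm the kubelet identity is bound to a role that can create tokenreviews and subjectaccessreviews (the built-in system:auth-delegator ClusterRole covers both). Only one kubelet unit is visible at `@@ -49,6 +49,8 @@`, so also check that the same two flags are applied to every controller and worker template, because a kubelet started without `--authorization-mode` falls back to the AlwaysAllow default. A short comment above the flags, or a changelog entry, noting that anything talking to the kubelet directly now needs to be authorized for the nodes subresources would help operators upgrading.
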