CadolesKube/typhoon
7
0
Fork 0
mirror of https://github.com/puppetmaster/typhoon.git synced 2025-09-15 21:09:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use a lower-privilege Kubelet kubeconfig in system:nodes

Browse Source 
* Kubelets can use a lower-privilege TLS client certificate with
Org system:nodes and a binding to the system:node ClusterRole
* Admin kubeconfig's continue to belong to Org system:masters to
provide cluster-admin (available in assets/auth/kubeconfig or as
a Terraform output kubeconfig-admin)
* Remove bare-metal output variable kubeconfig
This commit is contained in:
Dalton Hubble
2019-01-02 23:30:42 -08:00
parent 1c6a0392ad
commit 812a1adb49
31 changed files with 46 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
digital-ocean/container-linux/kubernetes/ssh.tf
View File

@@ -10,7 +10,7 @@ resource "null_resource" "copy-controller-secrets" {
}
provisioner "file" {
content = "${module.bootkube.kubeconfig}"
content = "${module.bootkube.kubeconfig-kubelet}"
destination = "$HOME/kubeconfig"
}
@@ -78,7 +78,7 @@ resource "null_resource" "copy-worker-secrets" {
}
provisioner "file" {
content = "${module.bootkube.kubeconfig}"
content = "${module.bootkube.kubeconfig-kubelet}"
destination = "$HOME/kubeconfig"
}