github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 01:06:27 +00:00
Code Issues Projects Releases Wiki Activity

enable token auth for kubelets in GCE

Browse Source
This commit is contained in:
Mike Danese 2018-01-11 15:47:24 -08:00
parent 666b6b9e85
commit 23d02c8f07
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/gce/util.sh
View File

@ -571,8 +571,11 @@ function construct-kubelet-flags {
[[ "${HAIRPIN_MODE:-}" == "none" ]]; then [[ "${HAIRPIN_MODE:-}" == "none" ]]; then
flags+=" --hairpin-mode=${HAIRPIN_MODE}" flags+=" --hairpin-mode=${HAIRPIN_MODE}"
fi fi
flags+=" --anonymous-auth=false"
flags+=" --authentication-token-webhook"
flags+=" --authorization-mode=Webhook"
# Keep client-ca-file in sync with CA_CERT_BUNDLE_PATH in configure-helper.sh # Keep client-ca-file in sync with CA_CERT_BUNDLE_PATH in configure-helper.sh
flags+=" --anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/srv/kubernetes/pki/ca-certificates.crt" flags+=" --client-ca-file=/etc/srv/kubernetes/pki/ca-certificates.crt"
fi fi
# Network plugin # Network plugin
if [[ -n "${NETWORK_PROVIDER:-}" || -n "${NETWORK_POLICY_PROVIDER:-}" ]]; then if [[ -n "${NETWORK_PROVIDER:-}" || -n "${NETWORK_POLICY_PROVIDER:-}" ]]; then