github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-11 14:11:14 +00:00
Code Issues Projects Releases Wiki Activity

Add expiration LRU cache for webhook token authenticator.

Browse Source
This commit is contained in:
CJ Cullen
2016-05-14 16:35:11 -07:00
parent 066e70fac2
commit 57f96a932f
9 changed files with 38 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/admin/kube-apiserver.md
View File

@@ -56,6 +56,7 @@ kube-apiserver
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--allow-privileged[=false]: If true, allow privileged containers.
--apiserver-count=1: The number of apiservers running in the cluster
--authentication-token-webhook-cache-ttl=2m0s: The duration to cache responses from the webhook token authenticator. Default is 2m
--authentication-token-webhook-config-file="": File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens.
--authorization-mode="AlwaysAllow": Ordered list of plug-ins to do authorization on secure port. Comma-delimited list of: AlwaysAllow,AlwaysDeny,ABAC,Webhook
--authorization-policy-file="": File with authorization policy in csv format, used with --authorization-mode=ABAC, on the secure port.
@@ -120,7 +121,7 @@ kube-apiserver
--watch-cache-sizes=[]: List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled.
```
###### Auto generated by spf13/cobra on 10-May-2016
###### Auto generated by spf13/cobra on 17-May-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->