mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 05:27:21 +00:00
fix kubelet config bug for kubeadm init phase
This commit is contained in:
SataQiu
parent
33f907a4df
commit
5b74f3d8ad
@ -17,6 +17,8 @@ limitations under the License.
|
|||||||
package componentconfigs
|
package componentconfigs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
kubeproxyconfigv1alpha1 "k8s.io/kube-proxy/config/v1alpha1"
|
kubeproxyconfigv1alpha1 "k8s.io/kube-proxy/config/v1alpha1"
|
||||||
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
|
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
|
||||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||||
@ -88,7 +90,7 @@ func DefaultKubeletConfiguration(internalcfg *kubeadmapi.ClusterConfiguration) {
|
|||||||
// Enforce security-related kubelet options
|
// Enforce security-related kubelet options
|
||||||
|
|
||||||
// Require all clients to the kubelet API to have client certs signed by the cluster CA
|
// Require all clients to the kubelet API to have client certs signed by the cluster CA
|
||||||
externalkubeletcfg.Authentication.X509.ClientCAFile = kubeadmapiv1beta1.DefaultCACertPath
|
externalkubeletcfg.Authentication.X509.ClientCAFile = filepath.Join(internalcfg.CertificatesDir, constants.CACertName)
|
||||||
externalkubeletcfg.Authentication.Anonymous.Enabled = utilpointer.BoolPtr(false)
|
externalkubeletcfg.Authentication.Anonymous.Enabled = utilpointer.BoolPtr(false)
|
||||||
|
|
||||||
// On every client request to the kubelet API, execute a webhook (SubjectAccessReview request) to the API server
|
// On every client request to the kubelet API, execute a webhook (SubjectAccessReview request) to the API server
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user