feat: set some auth flags for KCM and KS

Set `--authentication-kubeconfig` and `--authorization-kubeconfig` to enable
metrics to be grabbed from the secure port.

Signed-off-by: Jian Zeng <zengjian.zj@bytedance.com>
This commit is contained in:
Jian Zeng 2021-05-12 22:47:53 +08:00
parent 9aa6f0bc47
commit 6c9ab10872
No known key found for this signature in database
GPG Key ID: 1040B69865E7D86C

View File

@ -654,6 +654,8 @@ function start_controller_manager {
--pvclaimbinder-sync-period="${CLAIM_BINDER_SYNC_PERIOD}" \
--feature-gates="${FEATURE_GATES}" \
"${cloud_config_arg[@]}" \
--authentication-kubeconfig "${CERT_DIR}"/controller.kubeconfig \
--authorization-kubeconfig "${CERT_DIR}"/controller.kubeconfig \
--kubeconfig "${CERT_DIR}"/controller.kubeconfig \
--use-service-account-credentials \
--controllers="${KUBE_CONTROLLERS}" \
@ -917,6 +919,8 @@ EOF
--v="${LOG_LEVEL}" \
--config=/tmp/kube-scheduler.yaml \
--feature-gates="${FEATURE_GATES}" \
--authentication-kubeconfig "${CERT_DIR}"/scheduler.kubeconfig \
--authorization-kubeconfig "${CERT_DIR}"/scheduler.kubeconfig \
--master="https://${API_HOST}:${API_SECURE_PORT}" >"${SCHEDULER_LOG}" 2>&1 &
SCHEDULER_PID=$!
}