github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-09 12:07:47 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #58178 from mikedanese/token-auth

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

enable token authentication for kubelets in GCE

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-04-12 15:06:07 -07:00 committed by GitHub
commit 72b7dacf07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/gce/util.sh
View File

@ -571,8 +571,11 @@ function construct-kubelet-flags {
[[ "${HAIRPIN_MODE:-}" == "none" ]]; then
flags+=" --hairpin-mode=${HAIRPIN_MODE}"
fi
flags+=" --anonymous-auth=false"
flags+=" --authentication-token-webhook"
flags+=" --authorization-mode=Webhook"
# Keep client-ca-file in sync with CA_CERT_BUNDLE_PATH in configure-helper.sh
flags+=" --anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/srv/kubernetes/pki/ca-certificates.crt"
flags+=" --client-ca-file=/etc/srv/kubernetes/pki/ca-certificates.crt"
fi
# Network plugin
if [[ -n "${NETWORK_PROVIDER:-}" || -n "${NETWORK_POLICY_PROVIDER:-}" ]]; then