github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-07 20:21:20 +00:00
Code Issues Projects Releases Wiki Activity

Switch kube-scheduler to secure API access

Browse Source
This commit is contained in:
Jordan Liggitt
2017-02-11 16:12:53 -05:00
parent 9f8b803de8
commit cc11d7367a
6 changed files with 114 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hack/local-up-cluster.sh
View File

@@ -402,11 +402,10 @@ function start_apiserver {
kube::util::create_signing_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" client '"client auth"'
# Create client certs signed with client-ca, given id, given CN and a number of groups
# NOTE: system:masters will be removed in the future
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' kubelet system:node:${HOSTNAME_OVERRIDE} system:nodes
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' kube-proxy system:kube-proxy system:nodes
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' controller system:kube-controller-manager
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' scheduler system:scheduler system:masters
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' scheduler system:kube-scheduler
kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' admin system:admin system:masters
# Create auth proxy client ca