From 2cd254954cc3b78f2fa8cbc516e0ea7e2be377a8 Mon Sep 17 00:00:00 2001 From: woopstar Date: Wed, 7 Feb 2018 10:07:46 +0100 Subject: [PATCH] Remove defaults of allowed names. Updated kubeadm --- roles/kubernetes/master/templates/kubeadm-config.yaml.j2 | 4 ---- .../master/templates/manifests/kube-apiserver.manifest.j2 | 2 +- roles/kubespray-defaults/defaults/main.yaml | 3 +-- 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 index e25804e66..e489bb115 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 @@ -56,10 +56,6 @@ apiServerExtraArgs: allow-privileged: "true" {% if kube_version | version_compare('1.9', '>=') %} requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem" - requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}" - requestheader-extra-headers-prefix: "X-Remote-Extra-" - requestheader-group-headers: "X-Remote-Group" - requestheader-username-headers: "X-Remote-User" enable-aggregator-routing: "{{ kube_api_aggregator_routing }}" proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem" proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem" diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index d6f065ea5..f499e1a7d 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -102,7 +102,7 @@ spec: {% endif %} {% if kube_version | version_compare('1.9', '>=') %} - --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem - - --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }} + - --requestheader-allowed-names=front-proxy-client - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index efec7bd3d..a76bfcc9f 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -122,8 +122,7 @@ kube_apiserver_port: 6443 kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_port: 8080 -# Metrics server -kube_api_requestheader_allowed_names: "front-proxy-client" +# Aggregator kube_api_aggregator_routing: true # Path used to store Docker data