Remove defaults of allowed names. Updated kubeadm
This commit is contained in:
parent
4dab92ce69
commit
2cd254954c
3 changed files with 2 additions and 7 deletions
|
@ -56,10 +56,6 @@ apiServerExtraArgs:
|
||||||
allow-privileged: "true"
|
allow-privileged: "true"
|
||||||
{% if kube_version | version_compare('1.9', '>=') %}
|
{% if kube_version | version_compare('1.9', '>=') %}
|
||||||
requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
|
requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
|
||||||
requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}"
|
|
||||||
requestheader-extra-headers-prefix: "X-Remote-Extra-"
|
|
||||||
requestheader-group-headers: "X-Remote-Group"
|
|
||||||
requestheader-username-headers: "X-Remote-User"
|
|
||||||
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||||
proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
|
proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
|
||||||
proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"
|
proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"
|
||||||
|
|
|
@ -102,7 +102,7 @@ spec:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_version | version_compare('1.9', '>=') %}
|
{% if kube_version | version_compare('1.9', '>=') %}
|
||||||
- --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
|
- --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
|
||||||
- --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }}
|
- --requestheader-allowed-names=front-proxy-client
|
||||||
- --requestheader-extra-headers-prefix=X-Remote-Extra-
|
- --requestheader-extra-headers-prefix=X-Remote-Extra-
|
||||||
- --requestheader-group-headers=X-Remote-Group
|
- --requestheader-group-headers=X-Remote-Group
|
||||||
- --requestheader-username-headers=X-Remote-User
|
- --requestheader-username-headers=X-Remote-User
|
||||||
|
|
|
@ -122,8 +122,7 @@ kube_apiserver_port: 6443
|
||||||
kube_apiserver_insecure_bind_address: 127.0.0.1
|
kube_apiserver_insecure_bind_address: 127.0.0.1
|
||||||
kube_apiserver_insecure_port: 8080
|
kube_apiserver_insecure_port: 8080
|
||||||
|
|
||||||
# Metrics server
|
# Aggregator
|
||||||
kube_api_requestheader_allowed_names: "front-proxy-client"
|
|
||||||
kube_api_aggregator_routing: true
|
kube_api_aggregator_routing: true
|
||||||
|
|
||||||
# Path used to store Docker data
|
# Path used to store Docker data
|
||||||
|
|
Loading…
Reference in a new issue