Remove defaults of allowed names. Updated kubeadm

This commit is contained in:
woopstar 2018-02-07 10:07:46 +01:00 committed by Andreas Kruger
parent 4dab92ce69
commit 2cd254954c
3 changed files with 2 additions and 7 deletions

View file

@ -56,10 +56,6 @@ apiServerExtraArgs:
allow-privileged: "true" allow-privileged: "true"
{% if kube_version | version_compare('1.9', '>=') %} {% if kube_version | version_compare('1.9', '>=') %}
requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem" requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}"
requestheader-extra-headers-prefix: "X-Remote-Extra-"
requestheader-group-headers: "X-Remote-Group"
requestheader-username-headers: "X-Remote-User"
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}" enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem" proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem" proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"

View file

@ -102,7 +102,7 @@ spec:
{% endif %} {% endif %}
{% if kube_version | version_compare('1.9', '>=') %} {% if kube_version | version_compare('1.9', '>=') %}
- --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem - --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
- --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }} - --requestheader-allowed-names=front-proxy-client
- --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group - --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User - --requestheader-username-headers=X-Remote-User

View file

@ -122,8 +122,7 @@ kube_apiserver_port: 6443
kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_bind_address: 127.0.0.1
kube_apiserver_insecure_port: 8080 kube_apiserver_insecure_port: 8080
# Metrics server # Aggregator
kube_api_requestheader_allowed_names: "front-proxy-client"
kube_api_aggregator_routing: true kube_api_aggregator_routing: true
# Path used to store Docker data # Path used to store Docker data