From f9807798f393721b1f0f73d8feed4bf0a9cefb4a Mon Sep 17 00:00:00 2001 From: Alexander Block Date: Tue, 13 Dec 2016 17:06:53 +0100 Subject: [PATCH] Pass --anonymous-auth to apiserver Fixes #732 --- inventory/group_vars/all.yml | 5 +++++ .../master/templates/manifests/kube-apiserver.manifest.j2 | 3 +++ 2 files changed, 8 insertions(+) diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 65b65fe39..27489b85b 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -21,6 +21,11 @@ kube_cert_group: kube-cert # Cluster Loglevel configuration kube_log_level: 2 +# Kubernetes 1.5 added a new flag to the apiserver to disable anonymous auth. In previos versions, anonymous auth was +# not implemented. As the new flag defaults to true, we have to explicetely disable it. Change this line if you want the +# 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5 +kube_api_anonymous_auth: false + # Users to create for basic auth in Kubernetes API via HTTP kube_api_pwd: "changeme" kube_users: diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index 530b009c6..c255f8897 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -48,6 +48,9 @@ spec: - --cloud-config={{ kube_config_dir }}/cloud_config {% elif cloud_provider is defined and cloud_provider == "aws" %} - --cloud-provider={{ cloud_provider }} +{% endif %} +{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=') %} + - --anonymous-auth={{ kube_api_anonymous_auth }} {% endif %} livenessProbe: httpGet: