Skip to content
Snippets Groups Projects
Commit 2cd25495 authored by woopstar's avatar woopstar Committed by Andreas Kruger
Browse files

Remove defaults of allowed names. Updated kubeadm

parent 4dab92ce
No related branches found
No related tags found
No related merge requests found
...@@ -56,10 +56,6 @@ apiServerExtraArgs: ...@@ -56,10 +56,6 @@ apiServerExtraArgs:
allow-privileged: "true" allow-privileged: "true"
{% if kube_version | version_compare('1.9', '>=') %} {% if kube_version | version_compare('1.9', '>=') %}
requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem" requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}"
requestheader-extra-headers-prefix: "X-Remote-Extra-"
requestheader-group-headers: "X-Remote-Group"
requestheader-username-headers: "X-Remote-User"
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}" enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem" proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem" proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"
......
...@@ -102,7 +102,7 @@ spec: ...@@ -102,7 +102,7 @@ spec:
{% endif %} {% endif %}
{% if kube_version | version_compare('1.9', '>=') %} {% if kube_version | version_compare('1.9', '>=') %}
- --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem - --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
- --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }} - --requestheader-allowed-names=front-proxy-client
- --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group - --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User - --requestheader-username-headers=X-Remote-User
......
...@@ -122,8 +122,7 @@ kube_apiserver_port: 6443 ...@@ -122,8 +122,7 @@ kube_apiserver_port: 6443
kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_bind_address: 127.0.0.1
kube_apiserver_insecure_port: 8080 kube_apiserver_insecure_port: 8080
# Metrics server # Aggregator
kube_api_requestheader_allowed_names: "front-proxy-client"
kube_api_aggregator_routing: true kube_api_aggregator_routing: true
# Path used to store Docker data # Path used to store Docker data
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment