From 2cd254954cc3b78f2fa8cbc516e0ea7e2be377a8 Mon Sep 17 00:00:00 2001
From: woopstar <andreas@kruger.nu>
Date: Wed, 7 Feb 2018 10:07:46 +0100
Subject: [PATCH] Remove defaults of allowed names. Updated kubeadm

---
 roles/kubernetes/master/templates/kubeadm-config.yaml.j2      | 4 ----
 .../master/templates/manifests/kube-apiserver.manifest.j2     | 2 +-
 roles/kubespray-defaults/defaults/main.yaml                   | 3 +--
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
index e25804e66..e489bb115 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
@@ -56,10 +56,6 @@ apiServerExtraArgs:
   allow-privileged: "true"
 {% if kube_version | version_compare('1.9', '>=') %}
   requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
-  requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}"
-  requestheader-extra-headers-prefix: "X-Remote-Extra-"
-  requestheader-group-headers: "X-Remote-Group"
-  requestheader-username-headers: "X-Remote-User"
   enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
   proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
   proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"
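Review bot: With `requestheader-allowed-names` dropped from `apiServerExtraArgs`, the common-name restriction on the 1.9+ branch now depends entirely on whatever kubeadm supplies by default, while `requestheader-client-ca-file` is still overridden to `{{ kube_cert_dir }}/ca.pem`. If the allowed-names flag ends up empty, kube-apiserver accepts `X-Remote-User` and `X-Remote-Group` headers from any client certificate that CA has signed, and `ca.pem` looks like the general cluster CA rather than a dedicated front-proxy CA (the manifest hunk in this commit uses the same file). I would keep the restriction explicit with `requestheader-allowed-names: "front-proxy-client"`, matching the manifest template, or at least add a comment saying that kubeadm's default is being relied on. The `apiServerExtraArgs` mapping and the surrounding `{% if %}` block continue outside the hunk.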
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index d6f065ea5..f499e1a7d 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -102,7 +102,7 @@ spec:
 {% endif %}
 {% if kube_version | version_compare('1.9', '>=') %}
     - --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
-    - --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }}
+    - --requestheader-allowed-names=front-proxy-client
     - --requestheader-extra-headers-prefix=X-Remote-Extra-
     - --requestheader-group-headers=X-Remote-Group
     - --requestheader-username-headers=X-Remote-User
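Review bot: Hard-coding `--requestheader-allowed-names=front-proxy-client` removes the only override point. Because `kube_api_requestheader_allowed_names` is also deleted from `roles/kubespray-defaults/defaults/main.yaml`, an inventory that still sets that variable is now ignored without any warning. The literal must also stay equal to the common name of the certificate in `front-proxy-client.pem`, which is presumably generated elsewhere in the role, so a template comment above the line would document the coupling: `{# must equal the CN of front-proxy-client.pem; any name listed here may assert X-Remote-* identities #}`. A release note naming the removed variable would help operators audit their inventories. The argument list this line belongs to starts and ends outside the hunk.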
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index efec7bd3d..a76bfcc9f 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -122,8 +122,7 @@ kube_apiserver_port: 6443
 kube_apiserver_insecure_bind_address: 127.0.0.1
 kube_apiserver_insecure_port: 8080
 
-# Metrics server
-kube_api_requestheader_allowed_names: "front-proxy-client"
+# Aggregator
 kube_api_aggregator_routing: true
 
 # Path used to store Docker data
-- 
GitLab