From 444b1dafdcacf4a46f447ed7fee30405857e5980 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Dec 2016 17:06:53 +0100
Subject: [PATCH] Pass --anonymous-auth to apiserver

Fixes #732
---
 inventory/group_vars/all.yml                                 | 5 +++++
 .../master/templates/manifests/kube-apiserver.manifest.j2    | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 65b65fe39..27489b85b 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -21,6 +21,11 @@ kube_cert_group: kube-cert
 # Cluster Loglevel configuration
 kube_log_level: 2
 
+# Kubernetes 1.5 added a new flag to the apiserver to disable anonymous auth. In previos versions, anonymous auth was
+# not implemented. As the new flag defaults to true, we have to explicetely disable it. Change this line if you want the
+# 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5
+kube_api_anonymous_auth: false
+
 # Users to create for basic auth in Kubernetes API via HTTP
 kube_api_pwd: "changeme"
 kube_users:
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 530b009c6..c255f8897 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -48,6 +48,9 @@ spec:
     - --cloud-config={{ kube_config_dir }}/cloud_config
 {% elif cloud_provider is defined and cloud_provider == "aws" %}
     - --cloud-provider={{ cloud_provider }}
+{% endif %}
+{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=')  %}
+    - --anonymous-auth={{ kube_api_anonymous_auth }}
 {% endif %}
     livenessProbe:
       httpGet:
-- 
GitLab