Add kube anon auth settings to kubeadm config templates (#4713)

* Disable kube_api_anonymous_auth by default to secure the setup * Disable metrics-server in addons. Health endpoint is slow and unstable * Fix anonymous-auth missing in configuration * Cleanup a bit * Fix kube anon auth

Add kube anon auth settings to kubeadm config templates (#4713)
bf3c6aee · Andreas Krüger · Kubernetes Prow Robot · 03bded2b · bf3c6aee · bf3c6aee
Commit bf3c6aee authored 5 years ago by Andreas Krüger Committed by Kubernetes Prow Robot 5 years ago
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -50,6 +50,9 @@ certificatesDir: {{ kube_cert_dir }}
 imageRepository: {{ kube_image_repo }}
 unifiedControlPlaneImage: ""
 apiServerExtraArgs:
+{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=')  %}
+  anonymous-auth: "{{ kube_api_anonymous_auth }}"
+{% endif %}
  authorization-mode: {{ authorization_modes | join(',') }}
  bind-address: {{ kube_apiserver_bind_address }}
 {% if kube_apiserver_insecure_port|string != "0" %}

--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -47,6 +47,9 @@ imageRepository: {{ kube_image_repo }}
 useHyperKubeImage: false
 apiServer:
  extraArgs:
+{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=')  %}
+    anonymous-auth: "{{ kube_api_anonymous_auth }}"
+{% endif %}
    authorization-mode: {{ authorization_modes | join(',') }}
    bind-address: {{ kube_apiserver_bind_address }}
 {% if kube_apiserver_insecure_port|string != "0" %}

--- a/tests/testcases/030_check-network.yml
+++ b/tests/testcases/030_check-network.yml
@@ -90,6 +90,3 @@
    with_nested:
    - "{{ pod_names }}"
    - "{{ pod_ips }}"
-
-  - name: Delete test namespace
-    shell: "{{ bin_dir }}/kubectl delete namespace test"