File tree 1 file changed +5
-1
lines changed
salt/metalk8s/kubernetes/apiserver
1 file changed +5
-1
lines changed Original file line number Diff line number Diff line change @@ -85,17 +85,21 @@ Create kube-apiserver Pod manifest:
8585 - kube- apiserver
8686 - -- advertise- address={{ host }}
8787 - -- allow- privileged=true
88+ - -- anonymous- auth=false
8889 - -- authorization- mode=Node,RBAC
8990 - -- client- ca- file =/ etc/ kubernetes/ pki/ ca.crt
90- - -- enable- admission- plugins=NodeRestriction
91+ - -- disable- admission- plugins=DenyServiceExternalIPs
92+ - -- enable- admission- plugins=NodeRestriction,AlwaysPullImages
9193 - -- enable- bootstrap- token- auth=true
9294 - -- etcd- cafile=/ etc/ kubernetes/ pki/ etcd/ ca.crt
9395 - -- etcd- certfile={{ certificates.client.files[' apiserver-etcd'
9496 - -- etcd- keyfile=/ etc/ kubernetes/ pki/ apiserver- etcd- client.key
9597 - -- etcd- servers={{ etcd_servers | join(" ,"
98+ - -- kubelet- certificate- authority=/ etc/ kubernetes/ pki/ ca.crt
9699 - -- kubelet- client- certificate={{ certificates.client.files[' apiserver-kubelet'
97100 - -- kubelet- client- key=/ etc/ kubernetes/ pki/ apiserver- kubelet- client.key
98101 - -- kubelet- preferred- address- types=InternalIP,ExternalIP,Hostname
102+ - -- profiling=false
99103 - -- proxy- client- cert- file ={{ certificates.client.files[' front-proxy'
100104 - -- proxy- client- key- file =/ etc/ kubernetes/ pki/ front- proxy- client.key
101105 - -- requestheader- allowed- names=front- proxy- client
You can’t perform that action at this time.
0 commit comments