mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
Bind kubelet to all interfaces and use webhook auth
This commit is contained in:
parent
305b596745
commit
c9941895d6
@ -301,7 +301,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
|
||||
nodeConfig.AgentConfig.ClusterDomain = controlConfig.ClusterDomain
|
||||
nodeConfig.AgentConfig.ResolvConf = locateOrGenerateResolvConf(envInfo)
|
||||
nodeConfig.AgentConfig.CACertPath = clientCA
|
||||
nodeConfig.AgentConfig.ListenAddress = "127.0.0.1"
|
||||
nodeConfig.AgentConfig.ListenAddress = "0.0.0.0"
|
||||
nodeConfig.AgentConfig.KubeConfig = kubeConfig
|
||||
nodeConfig.AgentConfig.RootDir = filepath.Join(envInfo.DataDir, "kubelet")
|
||||
nodeConfig.CACerts = info.CACerts
|
||||
|
@ -16,6 +16,7 @@ import (
|
||||
"k8s.io/component-base/logs"
|
||||
app2 "k8s.io/kubernetes/cmd/kube-proxy/app"
|
||||
"k8s.io/kubernetes/cmd/kubelet/app"
|
||||
"k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
|
||||
|
||||
_ "k8s.io/kubernetes/pkg/client/metrics/prometheus" // for client metric registration
|
||||
_ "k8s.io/kubernetes/pkg/version/prometheus" // for version metric registration
|
||||
@ -64,6 +65,7 @@ func kubelet(cfg *config.Agent) {
|
||||
//"cgroup-root": "/k3s",
|
||||
"cgroup-driver": "cgroupfs",
|
||||
"authentication-token-webhook": "true",
|
||||
"authorization-mode": modes.ModeWebhook,
|
||||
}
|
||||
if cfg.RootDir != "" {
|
||||
argsMap["root-dir"] = cfg.RootDir
|
||||
|
@ -455,8 +455,8 @@ func genTokenCerts(config *config.Control, runtime *config.ControlRuntime) error
|
||||
return err
|
||||
}
|
||||
|
||||
if err := createClientCertKey(regen, "kubernetes",
|
||||
nil, &certutil.AltNames{
|
||||
if err := createClientCertKey(regen, "kubernetes", []string{"system:masters"},
|
||||
&certutil.AltNames{
|
||||
DNSNames: []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"},
|
||||
IPs: []net.IP{apiServerServiceIP, localhostIP},
|
||||
}, x509KeyClientUsage,
|
||||
|
Loading…
Reference in New Issue
Block a user