Skip to content

Commit

Permalink
disable kubelet_authorization_mode_webhook by default (#9238)
Browse files Browse the repository at this point in the history
  • Loading branch information
cristicalin authored Aug 31, 2022
1 parent 5603f9f commit 6db6c86
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
1 change: 0 additions & 1 deletion docs/hardening.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,6 @@ kube_kubeadm_scheduler_extra_args:
etcd_deployment_type: kubeadm

## kubelet
kubelet_authorization_mode_webhook: true
kubelet_authentication_token_webhook: true
kube_read_only_port: 0
kubelet_rotate_server_certificates: true
Expand Down
2 changes: 1 addition & 1 deletion roles/kubespray-defaults/defaults/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -474,7 +474,7 @@ rbac_enabled: "{{ 'RBAC' in authorization_modes }}"
kubelet_authentication_token_webhook: true

# When enabled, access to the kubelet API requires authorization by delegation to the API server
kubelet_authorization_mode_webhook: true
kubelet_authorization_mode_webhook: false

# kubelet uses certificates for authenticating to the Kubernetes API
# Automatically generate a new key and request a new certificate from the Kubernetes API as the current certificate approaches expiration
Expand Down

0 comments on commit 6db6c86

Please sign in to comment.