scl/kubespray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove access to cluster from anonymous users (#11016)

Browse Source 
* feat: add user facing variable with default

* feat: remove rolebinding to anonymous users after init and upgrade

* feat: use file discovery for secondary control plane nodes

* feat: use file discovery for nodes

* fix: do not fail if rolebinding does not exist

* docs: add warning about kube_api_anonymous_auth

* style: improve readability of delegate_to parameter

* refactor: rename discovery kubeconfig file

* test: enable new variable in hardening and upgrade test cases

* docs: add option to config parameters

* test: multiple instances and upgrade
This commit is contained in:
Nicolas Goudry
2024-04-03 08:54:12 +02:00
committed by GitHub
parent fdf5988ea8
commit c6fcbf6ee0
14 changed files with 85 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
View File

@ -371,3 +371,6 @@ kubeadm_patches:
enabled: false
source_dir: "{{ inventory_dir }}/patches"
dest_dir: "{{ kube_config_dir }}/patches"
# Set to true to remove the role binding to anonymous users created by kubeadm
remove_anonymous_access: false