mirror of https://github.com/k3s-io/k3s
Merge pull request #76578 from SataQiu/fix-kubeadm-issue-1493
[kubeadm] fix kubelet config bug for kubeadm init phasek3s-v1.15.3
Kubernetes Prow Robot
GitHub
commit
85015461b7
|
|
@ -17,6 +17,8 @@ limitations under the License.
|
|||
package componentconfigs
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
|
||||
kubeproxyconfigv1alpha1 "k8s.io/kube-proxy/config/v1alpha1"
|
||||
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
|
|
@ -88,7 +90,7 @@ func DefaultKubeletConfiguration(internalcfg *kubeadmapi.ClusterConfiguration) {
|
|||
// Enforce security-related kubelet options
|
||||
|
||||
// Require all clients to the kubelet API to have client certs signed by the cluster CA
|
||||
externalkubeletcfg.Authentication.X509.ClientCAFile = kubeadmapiv1beta1.DefaultCACertPath
|
||||
externalkubeletcfg.Authentication.X509.ClientCAFile = filepath.Join(internalcfg.CertificatesDir, constants.CACertName)
|
||||
externalkubeletcfg.Authentication.Anonymous.Enabled = utilpointer.BoolPtr(false)
|
||||
|
||||
// On every client request to the kubelet API, execute a webhook (SubjectAccessReview request) to the API server
|
||||
|
|
|
|||
Loading…
Reference in New Issue