Add anonymous-auth=false and remove NodeRestriction

2019-08-26 21:36:56 -07:00 · 2019-08-26 21:36:56 -07:00 · a51a2eaaad
parent b24f214a50
commit a51a2eaaad
2 changed files with 2 additions and 2 deletions
--- a/pkg/daemons/agent/agent.go
+++ b/pkg/daemons/agent/agent.go
@ -56,7 +56,6 @@ func kubelet(cfg *config.Agent) {
 	argsMap := map[string]string{
 		"healthz-bind-address":     "127.0.0.1",
 		"read-only-port":           "0",
-		"allow-privileged":         "true",
 		"cluster-domain":           cfg.ClusterDomain,
 		"kubeconfig":               cfg.KubeConfigKubelet,
 		"eviction-hard":            "imagefs.available<5%,nodefs.available<5%",
@ -65,6 +64,7 @@ func kubelet(cfg *config.Agent) {
 		//"cgroup-root": "/k3s",
 		"cgroup-driver":                "cgroupfs",
 		"authentication-token-webhook": "true",
+		"anonymous-auth":               "false",
 		"authorization-mode":           modes.ModeWebhook,
 	}
 	if cfg.RootDir != "" {
--- a/pkg/daemons/control/server.go
+++ b/pkg/daemons/control/server.go
@ -182,7 +182,7 @@ func apiServer(ctx context.Context, cfg *config.Control, runtime *config.Control
 	argsMap["requestheader-group-headers"] = "X-Remote-Group"
 	argsMap["requestheader-username-headers"] = "X-Remote-User"
 	argsMap["client-ca-file"] = runtime.ClientCA
-	argsMap["enable-admission-plugins"] = "NodeRestriction"
+	argsMap["anonymous-auth"] = "false"

 	args := config.GetArgsList(argsMap, cfg.ExtraAPIArgs)