mirror of https://github.com/k3s-io/k3s
5b8d600d72
Automatic merge from submit-queue (batch tested with PRs 41919, 41149, 42350, 42351, 42285) Juju: Disable anonymous auth on kubelet **What this PR does / why we need it**: This disables anonymous authentication on kubelet when deployed via Juju. I've also adjusted a few other TLS options for kubelet and kube-apiserver. The end result is that: 1. kube-apiserver can now authenticate with kubelet 2. kube-apiserver now verifies the integrity of kubelet **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/219 **Special notes for your reviewer**: This is dependent on PR #41251, where the tactics changes are being merged in separately. Some useful pages from the documentation: * [apiserver -> kubelet](https://kubernetes.io/docs/admin/master-node-communication/#apiserver---kubelet) * [Kubelet authentication/authorization](https://kubernetes.io/docs/admin/kubelet-authentication-authorization/) **Release note**: ```release-note Juju: Disable anonymous auth on kubelet ``` |
||
|---|---|---|
| .. | ||
| kubeapi-load-balancer | ||
| kubernetes-e2e | ||
| kubernetes-master | ||
| kubernetes-worker | ||