diff options
author | Christian Pointner <equinox@spreadspace.org> | 2023-04-23 00:01:44 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-04-23 00:01:44 +0200 |
commit | 6424e5079fd29f377350df26f7768ef2bcd5f5a4 (patch) | |
tree | 84b52a45492fb6a43916767a5f3f5cb61fb92ea9 /roles/kubernetes/standalone/base/templates | |
parent | ch-equinox-* add k9s and kubeletctl (diff) |
kubernetes/standalone: install kubeletctl and enable x509 based auth
Diffstat (limited to 'roles/kubernetes/standalone/base/templates')
-rw-r--r-- | roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 index c4395631..ae26d04d 100644 --- a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 +++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 @@ -8,11 +8,15 @@ port: {{ kubernetes_standalone_port }} readOnlyPort: {{ kubernetes_standalone_readonly_port }} healthzBindAddress: {{ kubernetes_standalone_healthz_address }} healthzPort: {{ kubernetes_standalone_healthz_port }} +tlsCertFile: /etc/ssl/standalone-kubelet/server/crt.pem +tlsPrivateKeyFile: /etc/ssl/standalone-kubelet/server/key.pem authentication: anonymous: - enabled: true + enabled: false webhook: enabled: false + x509: + clientCAFile: /etc/ssl/standalone-kubelet/ca-crt.pem authorization: mode: AlwaysAllow maxPods: {{ kubernetes_standalone_max_pods }} |