kubernetes/standalone: install kubeletctl and enable x509 based auth

author: Christian Pointner <equinox@spreadspace.org> 2023-04-23 00:01:44 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2023-04-23 00:01:44 +0200
commit: 6424e5079fd29f377350df26f7768ef2bcd5f5a4 (patch)
tree: 84b52a45492fb6a43916767a5f3f5cb61fb92ea9 /roles/kubernetes/standalone/base/templates
parent: ch-equinox-* add k9s and kubeletctl (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
index c4395631..ae26d04d 100644
--- a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
+++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
@@ -8,11 +8,15 @@ port: {{ kubernetes_standalone_port }}
 readOnlyPort: {{ kubernetes_standalone_readonly_port }}
 healthzBindAddress: {{ kubernetes_standalone_healthz_address }}
 healthzPort: {{ kubernetes_standalone_healthz_port }}
+tlsCertFile: /etc/ssl/standalone-kubelet/server/crt.pem
+tlsPrivateKeyFile: /etc/ssl/standalone-kubelet/server/key.pem
 authentication:
   anonymous:
-    enabled: true
+    enabled: false
   webhook:
     enabled: false
+  x509:
+    clientCAFile: /etc/ssl/standalone-kubelet/ca-crt.pem
 authorization:
   mode: AlwaysAllow
 maxPods: {{ kubernetes_standalone_max_pods }}
author	Christian Pointner <equinox@spreadspace.org>	2023-04-23 00:01:44 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2023-04-23 00:01:44 +0200
commit	6424e5079fd29f377350df26f7768ef2bcd5f5a4 (patch)
tree	84b52a45492fb6a43916767a5f3f5cb61fb92ea9 /roles/kubernetes/standalone/base/templates
parent	ch-equinox-* add k9s and kubeletctl (diff)