From 6424e5079fd29f377350df26f7768ef2bcd5f5a4 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 23 Apr 2023 00:01:44 +0200
Subject: kubernetes/standalone: install kubeletctl and enable x509 based auth

---
 roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'roles/kubernetes/standalone/base/templates')

diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
index c4395631..ae26d04d 100644
--- a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
+++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
@@ -8,11 +8,15 @@ port: {{ kubernetes_standalone_port }}
 readOnlyPort: {{ kubernetes_standalone_readonly_port }}
 healthzBindAddress: {{ kubernetes_standalone_healthz_address }}
 healthzPort: {{ kubernetes_standalone_healthz_port }}
+tlsCertFile: /etc/ssl/standalone-kubelet/server/crt.pem
+tlsPrivateKeyFile: /etc/ssl/standalone-kubelet/server/key.pem
 authentication:
   anonymous:
-    enabled: true
+    enabled: false
   webhook:
     enabled: false
+  x509:
+    clientCAFile: /etc/ssl/standalone-kubelet/ca-crt.pem
 authorization:
   mode: AlwaysAllow
 maxPods: {{ kubernetes_standalone_max_pods }}
-- 
cgit v1.2.3