From a51a2eaaaddba671e30a266c0aaffe049f9db4e2 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Mon, 26 Aug 2019 21:36:56 -0700 Subject: [PATCH] Add anonymous-auth=false and remove NodeRestriction --- pkg/daemons/agent/agent.go | 2 +- pkg/daemons/control/server.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go index f7f5870f20e..6f4d1101d8b 100644 --- a/pkg/daemons/agent/agent.go +++ b/pkg/daemons/agent/agent.go @@ -56,7 +56,6 @@ func kubelet(cfg *config.Agent) { argsMap := map[string]string{ "healthz-bind-address": "127.0.0.1", "read-only-port": "0", - "allow-privileged": "true", "cluster-domain": cfg.ClusterDomain, "kubeconfig": cfg.KubeConfigKubelet, "eviction-hard": "imagefs.available<5%,nodefs.available<5%", @@ -65,6 +64,7 @@ func kubelet(cfg *config.Agent) { //"cgroup-root": "/k3s", "cgroup-driver": "cgroupfs", "authentication-token-webhook": "true", + "anonymous-auth": "false", "authorization-mode": modes.ModeWebhook, } if cfg.RootDir != "" { diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index eacef8b72d3..150ccd67e23 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -182,7 +182,7 @@ func apiServer(ctx context.Context, cfg *config.Control, runtime *config.Control argsMap["requestheader-group-headers"] = "X-Remote-Group" argsMap["requestheader-username-headers"] = "X-Remote-User" argsMap["client-ca-file"] = runtime.ClientCA - argsMap["enable-admission-plugins"] = "NodeRestriction" + argsMap["anonymous-auth"] = "false" args := config.GetArgsList(argsMap, cfg.ExtraAPIArgs)