
[K8S] Enable --use-service-account-credentials

Enable the config --use-service-account-credentials=true. This is
necessary to support Pod Security Policy[1].

See
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/
for the option description, and more information here[2].

[1]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#troubleshooting
[2]: https://docs.datadoghq.com/security_monitoring/default_rules/cis-kubernetes-1.5.1-1.3.3/

Change-Id: I053808fac72a63af7ebf6f33d94659134b6cbdac
(cherry picked from commit e9b4889670)
changes/20/783920/1
Lingxian Kong 2 weeks ago
parent
commit
ade228f5c9
1 changed files with 1 additions and 1 deletions
  1. +1 -1 magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@ -402,7 +402,7 @@ chmod 600 ${ADMIN_KUBECONFIG}
export KUBECONFIG=${ADMIN_KUBECONFIG}
# Add controller manager args
KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true --kubeconfig=/etc/kubernetes/admin.conf"
KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true --kubeconfig=/etc/kubernetes/admin.conf --use-service-account-credentials=true"
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-name=${CLUSTER_UUID}"
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --allocate-node-cidrs=true"
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --cluster-cidr=${PODS_NETWORK_CIDR}"
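Review bot: On the changed base assignment of KUBE_CONTROLLER_MANAGER_ARGS, `--use-service-account-credentials=true` is added but nothing in this hunk shows `--service-account-private-key-file` being set; kube-controller-manager logs a warning when the first flag is given without the second, so please confirm the key file is appended elsewhere in this script. Two smaller points on the same line: the process is still started with `--kubeconfig=/etc/kubernetes/admin.conf`, so the per-controller service accounts limit what each controller loop can do while the bootstrap credential stays the admin one, which is worth stating in the commit message or a comment so readers do not assume more isolation than they get. Also consider putting the flag on its own append line with a short comment, matching the lines that follow, for example `KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --use-service-account-credentials=true"`, so the reason for the flag (the Pod Security Policy support mentioned in the commit message) is visible in the script itself.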

