[K8S] Enable --use-service-account-credentials

Set the kube-controller-manager option --use-service-account-credentials=true.
This is necessary to support Pod Security Policy[1].

See
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/
for the option description, and more information here[2].

[1]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#troubleshooting
[2]: https://docs.datadoghq.com/security_monitoring/default_rules/cis-kubernetes-1.5.1-1.3.3/

Change-Id: I053808fac72a63af7ebf6f33d94659134b6cbdac
(cherry picked from commit e9b4889670)
Lingxian Kong 2021-03-30 19:04:38 +13:00
parent 42f8c97bbf
commit c2a4a22ac8
1 changed files with 1 additions and 1 deletions


@ -402,7 +402,7 @@ chmod 600 ${ADMIN_KUBECONFIG}
export KUBECONFIG=${ADMIN_KUBECONFIG} export KUBECONFIG=${ADMIN_KUBECONFIG}
# Add controller manager args # Add controller manager args
KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true --kubeconfig=/etc/kubernetes/admin.conf" KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true --kubeconfig=/etc/kubernetes/admin.conf --use-service-account-credentials=true"
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-name=${CLUSTER_UUID}" KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-name=${CLUSTER_UUID}"
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --allocate-node-cidrs=true" KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --allocate-node-cidrs=true"
KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --cluster-cidr=${PODS_NETWORK_CIDR}" KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --cluster-cidr=${PODS_NETWORK_CIDR}"
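Review bot: The controller manager is still started with `--kubeconfig=/etc/kubernetes/admin.conf` on the changed line, so the process keeps the cluster-admin credential and uses it to obtain the per-controller service account tokens. The new flag narrows what each control loop uses for its own API calls, but the least-privilege gain stays partial until a dedicated controller-manager kubeconfig replaces admin.conf. The flag also depends on RBAC being the authorizer and on service account tokens being issued, normally via `--service-account-private-key-file`. The argument string keeps being built outside this hunk, so confirm that option is appended there; otherwise the controllers may fail to obtain their credentials at start-up. A comment above the assignment would record the intent, e.g. `# Per-controller service accounts (CIS 1.3.3); requires RBAC and --service-account-private-key-file`.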