External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-19 04:00:11 -03:30
Code Issues Packages Projects Releases Wiki Activity

Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655)

Browse Source
This commit is contained in:
Florian Ruynat
2020-09-11 09:30:14 +02:00
committed by GitHub
parent 1765c9125a
commit a556f8f2bf
12 changed files with 4 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
View File

@@ -189,7 +189,7 @@ spec:
{% if dashboard_skip_login %}
- --enable-skip-login
{% endif %}
- --authentication-mode=token{% if kube_basic_auth|default(false) %},basic{% endif %}
- --authentication-mode=token
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.

1
roles/kubernetes/master/defaults/main/main.yml
View File

@@ -95,7 +95,6 @@ kube_apiserver_disable_admission_plugins: []
kube_api_runtime_config: []
## Enable/Disable Kube API Server Authentication Methods
kube_basic_auth: false
kube_token_auth: false
kube_oidc_auth: false
kube_webhook_token_auth: false

4
roles/kubernetes/master/tasks/main.yml
View File

@@ -3,10 +3,6 @@
tags:
- k8s-pre-upgrade
- import_tasks: users-file.yml
when:
- kube_basic_auth|default(true)
- name: Create webhook token auth config
template:
src: webhook-token-auth-config.yaml.j2

14
roles/kubernetes/master/tasks/users-file.yml
View File

@@ -1,14 +0,0 @@
---
- name: Make sure the users directory exits
file:
path: "{{ kube_users_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
- name: Populate users for basic auth in API
template:
src: known_users.csv.j2
dest: "{{ kube_users_dir }}/known_users.csv"
mode: 0640
backup: yes

4
roles/kubernetes/master/templates/known_users.csv.j2
View File

@@ -1,4 +0,0 @@
{% for user in kube_users %}
{{kube_users[user].pass}},{{user}},{{kube_users[user].role}}{% if kube_users[user].groups is defined %},{% set groups_csv = kube_users[user].groups|join(',') -%}"{{groups_csv}}"{% endif %}
{% endfor %}

10
roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
View File

@@ -126,9 +126,6 @@ apiServer:
profiling: "{{ kube_profiling }}"
request-timeout: "{{ kube_apiserver_request_timeout }}"
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
{% if kube_basic_auth|default(true) %}
basic-auth-file: {{ kube_users_dir }}/known_users.csv
{% endif %}
{% if kube_token_auth|default(true) %}
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
{% endif %}
@@ -202,18 +199,13 @@ apiServer:
{% if kubelet_rotate_server_certificates %}
kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
{% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
{% if kubernetes_audit or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
extraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
{% if kube_basic_auth|default(true) %}
- name: basic-auth-config
hostPath: {{ kube_users_dir }}
mountPath: {{ kube_users_dir }}
{% endif %}
{% if kube_token_auth|default(true) %}
- name: token-auth-config
hostPath: {{ kube_token_dir }}

11
roles/kubespray-defaults/defaults/main.yaml
View File

@@ -133,10 +133,6 @@ kube_cert_compat_dir: "/etc/kubernetes/pki"
# This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens"
# This is where to save basic auth file
kube_users_dir: "{{ kube_config_dir }}/users"
# This is the group that the cert creation scripts chgrp the
# cert files to. Not really changeable...
kube_cert_group: kube-cert
@@ -144,13 +140,6 @@ kube_cert_group: kube-cert
# Cluster Loglevel configuration
kube_log_level: 2
# Users to create for basic auth in Kubernetes API via HTTP
kube_api_pwd: "changeme"
kube_users:
kube:
pass: "{{kube_api_pwd}}"
role: admin
# Choose network plugin (cilium, calico, weave or flannel)
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico