scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 03:08:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable service account token lookup by default

Browse Source 
```release-note
kube-apiserver: --service-account-lookup now defaults to true. This enables service account tokens to be revoked by deleting the Secret object containing the token.
```
This commit is contained in:
Jordan Liggitt
2017-04-04 22:00:07 -04:00
parent 4d8ffb23ef
commit 0d2e5a0dd8
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/libvirt-coreos/util.sh
View File

@@ -26,7 +26,7 @@ source "$ROOT/${KUBE_CONFIG_FILE:-"config-default.sh"}"
source "$KUBE_ROOT/cluster/common.sh"
export LIBVIRT_DEFAULT_URI=qemu:///system
export SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false}
export SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true}
export ADMISSION_CONTROL=${ADMISSION_CONTROL:-NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota}
readonly POOL=kubernetes
readonly POOL_PATH=/var/lib/libvirt/images/kubernetes

2
cluster/rackspace/cloud-config/master-cloud-config.yaml
View File

@@ -135,7 +135,7 @@ coreos:
--token-auth-file=/var/lib/kube-apiserver/known_tokens.csv \
--v=2 \
--service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \
--service-account-lookup=false \
--service-account-lookup=true \
--admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultTolerationSeconds,ResourceQuota
Restart=always
RestartSec=5