5b8d600d72
Automatic merge from submit-queue (batch tested with PRs 41919, 41149, 42350, 42351, 42285) Juju: Disable anonymous auth on kubelet **What this PR does / why we need it**: This disables anonymous authentication on kubelet when deployed via Juju. I've also adjusted a few other TLS options for kubelet and kube-apiserver. The end result is that: 1. kube-apiserver can now authenticate with kubelet 2. kube-apiserver now verifies the integrity of kubelet **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/219 **Special notes for your reviewer**: This is dependent on PR #41251, where the tactics changes are being merged in separately. Some useful pages from the documentation: * [apiserver -> kubelet](https://kubernetes.io/docs/admin/master-node-communication/#apiserver---kubelet) * [Kubelet authentication/authorization](https://kubernetes.io/docs/admin/kubelet-authentication-authorization/) **Release note**: ```release-note Juju: Disable anonymous auth on kubelet ```
Cluster Configuration
Deprecation Notice: This directory has entered maintenance mode and will not be accepting new providers. Please submit new automation deployments to kube-deploy. Deployments in this directory will continue to be maintained and supported at their current level of support.
The scripts and data in this directory automate creation and configuration of a Kubernetes cluster, including networking, DNS, nodes, and master components.
See the getting-started guides for examples of how to use the scripts.
cloudprovider/config-default.sh contains a set of tweakable definitions/parameters for the cluster.
The heavy lifting of configuring the VMs is done by SaltStack.