Files
kubernetes/cmd/kubeadm/app/phases/selfhosting/podspec_mutation.go
Lubomir I. Ivanov e142bf6203 kubeadm: enable secure serving for the kube-scheduler
Secure serving was already enabled for kube-controller-manager.
Do the same for kube-scheduler, by passing the flags
"authentication-kubeconfig" and "authorization-kubeconfig"
to the binary in the static Pod.

This change allows the scheduler to perform reviews on incoming
requests, such as:
- authentication.k8s.io/v1beta1 TokenReview
- authorization.k8s.io/v1 SubjectAccessReview

The authentication and authorization checks for "system:kube-scheduler"
users were previously enabled by PR 72491.
2019-08-03 19:15:32 +03:00

8.7 KiB