Lubomir I. Ivanov e142bf6203 kubeadm: enable secure serving for the kube-scheduler ...

Secure serving was already enabled for kube-controller-manager.
Do the same for kube-scheduler, by passing the flags
"authentication-kubeconfig" and "authorization-kubeconfig"
to the binary in the static Pod.

This change allows the scheduler to perform reviews on incoming
requests, such as:
- authentication.k8s.io/v1beta1 TokenReview
- authorization.k8s.io/v1 SubjectAccessReview

The authentication and authorization checks for "system:kube-scheduler"
users were previously enabled by PR 72491.

2019-08-03 19:15:32 +03:00

8.7 KiB

Raw Blame History

View Raw