Kubelet should only allow explicitly authorized requests
Set up the kubernetes integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
Explicit authorization should be enabled. Kubelets, by default, allow all authenticated requests (even anonymous ones) without needing explicit authorization checks from the API server.
- If using a Kubelet config file, edit the file to set
authorization: Webhook. - If using executable arguments, edit the kubelet service file
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameter in the KUBELET_AUTHZ_ARGS variable.
--authorization-mode=Webhook
- Restart the kubelet service.
