I am trying to disable TLS authentication (https) on my Kubernetes API server. This is the kube-apiserver configuration:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: "bcmt-registry:5000/gcr.io/google-containers/kube-apiserver-amd64:v1.9.2"
    command:
    - /usr/local/bin/kube-apiserver
    - --insecure-bind-address=127.0.0.1
    - --apiserver-count=1
    - --etcd-servers=https://172.16.1.7:2379
    - --etcd-cafile=/etc/etcd/ssl/ca.pem
    - --etcd-certfile=/etc/etcd/ssl/etcd-client.pem
    - --etcd-keyfile=/etc/etcd/ssl/etcd-client-key.pem
    - --allow-privileged=true
    - --service-cluster-ip-range=10.254.0.0/16
    - --secure_port=8443
    - --insecure_port=8085
    - --advertise-address=172.16.1.7
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/serviceaccount-key.pem
    - --kubelet-client-certificate=/etc/kubernetes/ssl/kubelet.pem
    - --kubelet-client-key=/etc/kubernetes/ssl/kubelet-key.pem
    - --runtime-config=extensions/v1beta1/daemonsets=true
    - --cloud-provider=openstack
    - --cloud-config=/etc/kubernetes/cloud.conf
    - --v=1
    - --authorization-mode=RBAC
    - --runtime-config=rbac.authorization.k8s.io/v1beta1
    ports:
    - containerPort: 8443
      hostPort: 8443
      protocol: TCP
      name: http
    - containerPort: 8085
      hostPort: 8085
      protocol: TCP
      name: local
    volumeMounts:
    - mountPath: /etc/kubernetes
      name: etc-kubernetes
      readOnly: true
    - mountPath: /etc/etcd/ssl
      name: secret-etcd
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes
    name: etc-kubernetes
  - hostPath:
      path: /etc/etcd/ssl
    name: secret-etcd
```
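I want to be able to access the API server with this request, curl -v http://172.16.1.7:8443, without using a certificate and key or --insecure mode. Any hints on how to disable all of this, please? Thanks in advance.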
Answer 0 (score: 0)
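I don't recommend using insecure mode, but to enable it you have 2 CLI options:
--insecure-port
Sets the port that will be bound in insecure mode.
--insecure-bind-address
Sets the address the port is bound to.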
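An added example, not part of the answer above or of Kubernetes itself: a check that reads the two flags the answer names out of a kube-apiserver manifest and reports whether the plain-HTTP listener is enabled and whether it is reachable off-host. The sample flag lines are copied from the question's manifest; the defaults used for absent flags (8080, 127.0.0.1) are assumed from the v1.9 kube-apiserver flag documentation, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the flag lines relevant to the insecure port, copied
# from the manifest in the question.
SAMPLE_MANIFEST = """\
    command:
    - /usr/local/bin/kube-apiserver
    - --insecure-bind-address=127.0.0.1
    - --secure_port=8443
    - --insecure_port=8085
    - --authorization-mode=RBAC
"""

# Assumption: values in effect when a flag is absent (v1.9 flag documentation).
DEFAULTS = {"insecure-port": "8080", "insecure-bind-address": "127.0.0.1"}

# Matches one YAML list item of the form "- --name=value" (optionally quoted).
FLAG_RE = re.compile(r"^\s*-\s*[\"']?--([A-Za-z0-9_-]+)=([^\"'\s]+)")


def parse_flags(manifest_text):
    """Collect --name=value arguments from the manifest's command list."""
    flags = {}
    for line in manifest_text.splitlines():
        m = FLAG_RE.match(line)
        if m:
            # kube-apiserver treats '_' and '-' in flag names as equivalent,
            # so --insecure_port and --insecure-port are the same flag.
            flags[m.group(1).replace("_", "-")] = m.group(2)
    return flags


def audit_insecure_port(manifest_text):
    """Return findings about the unauthenticated plain-HTTP listener."""
    flags = {**DEFAULTS, **parse_flags(manifest_text)}
    port = int(flags["insecure-port"])
    addr = ipaddress.ip_address(flags["insecure-bind-address"])
    if port == 0:  # 0 disables the insecure listener
        return []
    findings = [f"insecure port {port} is enabled: no TLS, authn or authz on it"]
    if not addr.is_loopback:
        findings.append(f"insecure port is bound to {addr}, reachable off-host")
    return findings


if __name__ == "__main__":
    for finding in audit_insecure_port(SAMPLE_MANIFEST):
        print("FINDING:", finding)
```

For the question's manifest this reports a single finding: the plain-HTTP listener is on port 8085 and bound to loopback only, while 8443 remains the TLS port.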