From 12ce8c5a89053a53e0fe5e680fa416f7561c1a8e Mon Sep 17 00:00:00 2001 From: bgeesaman Date: Fri, 1 Sep 2017 23:45:42 -0400 Subject: [PATCH] Protect the Kubelet API Setting required to prevent: https://github.com/kayrus/kubelet-exploit --- docs/09-bootstrapping-kubernetes-workers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md index c38761f..70d2085 100644 --- a/docs/09-bootstrapping-kubernetes-workers.md +++ b/docs/09-bootstrapping-kubernetes-workers.md @@ -185,6 +185,7 @@ Requires=crio.service [Service] ExecStart=/usr/local/bin/kubelet \\ + --authorization-mode=Webhook \\ --allow-privileged=true \\ --cluster-dns=10.32.0.10 \\ --cluster-domain=cluster.local \\