Protect the Kubelet API

Setting required to prevent: https://github.com/kayrus/kubelet-exploit
pull/208/head
bgeesaman 2017-09-01 23:45:42 -04:00 committed by GitHub
parent 4ca7c45046
commit 12ce8c5a89
1 changed files with 1 additions and 0 deletions

View File

@ -185,6 +185,7 @@ Requires=crio.service
[Service] [Service]
ExecStart=/usr/local/bin/kubelet \\ ExecStart=/usr/local/bin/kubelet \\
--authorization-mode=Webhook \\
--allow-privileged=true \\ --allow-privileged=true \\
--cluster-dns=10.32.0.10 \\ --cluster-dns=10.32.0.10 \\
--cluster-domain=cluster.local \\ --cluster-domain=cluster.local \\