Hi k8sters,

Comparing the results of kubeadm vs the custom-cluster-from-scratch guide 
(CCSG), I was wondering about this point of the CCSG:

"If you are using the HTTPS approach, then set:

   - --client-ca-file=/srv/kubernetes/ca.crt
   - --token-auth-file=/srv/kubernetes/known_tokens.csv
   - --basic-auth-file=/srv/kubernetes/basic_auth.csv"

how come kubeadm succeeds without any sort of token file (no 
--token-auth-file passed to kube-apiserver)?


Some thoughts?

1. kubectl works because the client cert is in the group system:masters, so 
it has cluster-admin rights

2. A token file is only necessary when we want to expand to additional 
users without using client certs, HOWEVER,

3. kubeadm's kube-apiserver is not configured to use tokens, so all users 
must have client certs


Regards

BeaverY
