Phil Sphicas fb36579e16 kube-apiserver: use HTTP probes instead of exec ... The existing exec probes for apiserver rely on things that do not exist in the official kubernetes release images (bash, socat). This change modifies the apiserver to use HTTP probes of the recommended liveness and readiness endpoints.[0] Also sets `--anonymous-auth=true` (the default setting), as kubelet is unable to provide a client certificate when performing the health check. RBAC rules apply, but unauthenticated users will be able to access the following endpoints: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:public-info-viewer rules: - nonResourceURLs: - /healthz - /livez - /readyz - /version - /version/ verbs: - get 0: https://v1-18.docs.kubernetes.io/docs/reference/using-api/health-checks/ Change-Id: I06d739c844fe85ec6cbf47d3bb69a39cd008ddd8		2020-09-28 03:27:58 +00:00
..
bin	Add -u to anchor scripts	2020-02-03 14:00:12 -06:00
etc	kube-apiserver: use HTTP probes instead of exec	2020-09-28 03:27:58 +00:00
configmap-bin.yaml	(apiserver) support key rotation	2019-04-29 09:31:24 -05:00
configmap-certs.yaml	Use separate CA for kubelet authorization	2018-08-28 09:38:34 -05:00
configmap-etc.yaml	Allow non-YAML config file content	2019-05-03 15:52:07 -05:00
daemonset.yaml	Add Docker default AppArmor profile to apiserver	2020-02-05 15:17:16 +00:00
ingress-api.yaml	Opening apiserver Via Ingress	2018-08-10 08:16:50 -05:00
job-key-rotate.yaml	Implement helm-toolkit snippet to apiserver and webhook pods/containers	2020-07-02 14:52:19 +00:00
rbac.yaml	Add Additional Liveness Probes for apiserver	2018-06-26 09:29:07 -05:00
secret-apiserver.yaml	Use separate CA for kubelet authorization	2018-08-28 09:38:34 -05:00
secret-ingress-tls.yaml	Opening apiserver Via Ingress	2018-08-10 08:16:50 -05:00
service-apiserver-ingress.yaml	Opening apiserver Via Ingress	2018-08-10 08:16:50 -05:00
service.yaml	Tolerate unready endpoints for apiserver service	2018-07-19 13:29:18 -05:00