The existing exec probes for apiserver rely on things that do not exist
in the official kubernetes release images (bash, socat).
This change modifies the apiserver to use HTTP probes of the recommended
liveness and readiness endpoints.[0]
Also sets `--anonymous-auth=true` (the default setting), as kubelet is
unable to provide a client certificate when performing the health check.
RBAC rules apply, but unauthenticated users will be able to access the
following endpoints:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:public-info-viewer
rules:
- nonResourceURLs:
- /healthz
- /livez
- /readyz
- /version
- /version/
verbs:
- get
0: https://v1-18.docs.kubernetes.io/docs/reference/using-api/health-checks/
Change-Id: I06d739c844fe85ec6cbf47d3bb69a39cd008ddd8