Code Review / ta / caas-kubernetes.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Security: disable kubelet debugging handlers flag
[ta/caas-kubernetes.git] / ansible / roles / kubelet / defaults / main.yaml
diff --git a/ansible/roles/kubelet/defaults/main.yaml b/ansible/roles/kubelet/defaults/main.yaml
index 7ce5660..c9634b3 100644 (file)
--- a/ansible/roles/kubelet/defaults/main.yaml
+++ b/ansible/roles/kubelet/defaults/main.yaml
@@ -18,12 +18,13 @@ kubelet_healthcheck_port: 10248
 kubelet_kubeconfig_path: "{% if nodename | search('caas_master') %}/etc/kubernetes/kubeconfig/kubeletc.yml{% else %}/root/kubeletc.yml{% endif %}"
 
 common_kubelet_params:
-  - "--hostname-override={{ networking.infra_internal.ip }}"
+  - "--hostname-override={{ hostname }}"
   - "--kubeconfig={{ kubelet_kubeconfig_path }}"
   - "--network-plugin=cni"
   - "--node-labels={{ lookup('template', 'node_labels.j2') | trim }}"
   - "--pod-infra-container-image={{ container_image_names | select('search', '/kubernetespause') | list | last }}"
   - "--register-node=true"
+  - "--enable-debugging-handlers=false"
 
 master_kubelet_params:
   - "--config=/etc/kubernetes/kubeconfig/master-config.yaml"
packages, configures, and integrates the major components of the Kubernetes management plane (https://github.com/kubernetes/kubernetes ). Includes the code related to deploying the API server, scheduler, controller-manager, kube-proxy, and kubelet components.