https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file says we need to add this flag to use static token authentication but does not show the procedure how to do it.
I have installed kubernetes using kubeadm
2
votes
1 Answers
3
votes
Well you have to pass the path where is static token file located on your host machine in directoy so that you can point to that file just like this. Edit the kubeapiserver.yaml file which is located at /etc/kubernetes/manifests and add the below flag. Once you edit the yaml file you will see something like this
--etcd-servers=http://127.0.0.1:2379
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
--service-account-key-file=/srv/kubernetes/pubkey.pem
--service-cluster-ip-range=10.96.0.0/16
--allow-privileged=true
--authorization-mode=RBAC
--enable-bootstrap-token-auth=true
--token-auth-file=/path/where/yourfile/located/which/contain/tokens # here add your path
--client-ca-file=/var/lib/kubernetes/cacert.pem
--tls-cert-file=/var/lib/kubernetes/servercert.pem
--tls-private-key-file=/var/lib/kubernetes/serverkey.pem
--address=172.18.11.249
--insecure-bind-address=127.0.0.1
--advertise-address=172.18.11.249
--audit-log-maxage=30
--audit-log-maxsize=100
--audit-log-path=/var/log/kube-apiserver.log
--v=4
