From a720c2b121150fff6da24efb1e49ff05f92f9868 Mon Sep 17 00:00:00 2001
From: Hadi Azaddel <h.azaddel@asax.ir>
Date: Mon, 10 Jun 2024 18:25:20 +0330
Subject: [PATCH] Add Node IPs to kubelet systemd service allowed IP addresses
 for cluster hardening

---
 docs/operations/hardening.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operations/hardening.md b/docs/operations/hardening.md
index 2cf54850b3f..658698ac441 100644
--- a/docs/operations/hardening.md
+++ b/docs/operations/hardening.md
@@ -107,7 +107,7 @@ kubelet_systemd_hardening: true
 # IP addresses, kubelet_secure_addresses allows you
 # to specify the IP from which the kubelet
 # will receive the packets.
-kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} 192.168.10.110 192.168.10.111 192.168.10.112"
+kubelet_secure_addresses: "localhost link-local {{ kube_pods_subnet }} {{ groups['all'] | map('extract', hostvars, ['ansible_host']) | join(' ') }}""
 
 # additional configurations
 kube_owner: root