-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds a number of flags/options #4799
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
CLA is signed. |
/ok-to-test |
d6aad3f
to
10ed493
Compare
10ed493
to
2f376b7
Compare
// CAdvisorPort The port of the localhost cAdvisor endpoint (set to 0 to disable) (default 4194) | ||
CAdvisorPort *int32 `json:"cadvisorPort,omitempty" flag:"cadvisor-port"` | ||
// ProtectKernelDefaults Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. | ||
ProtectKernelDefaults *bool `json:"protectKernelDefaults,omitempty" flag:"protect-kernel-defaults"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should any of these be documented? None jump out to me as something most users would adjust but worth thinking about.
// DisableBasicAuth removes the --basic-auth-file flag | ||
DisableBasicAuth bool `json:"disableBasicAuth,omitempty"` | ||
// EnableTokenAuth removes the --token-auth-file flag | ||
DisableTokenAuth bool `json:"disableTokenAuth,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we get docs for these included in this commit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated the commit to include docs for these two options.
Looks pretty good, thanks for the contribution @valdisrigdon! /assign |
2f376b7
to
d1be2ab
Compare
Great thanks so much @valdisrigdon! |
We are close to 1.9, so we are probably going to hold this for 1.10. The 1.10 is going to be a pretty quick turn around. |
Agreed @chrislovecnm :) |
Can this merge now that 1.9.0 is cut? |
/assign @chrislovecnm Mind taking another look at this? |
Can we get this rebased? Ping me on slack and I will take a look after a rebase. Thanks |
Any update? |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
So, has this been added, yet? |
This PR would be important for my org. Let me know if I can help getting this merged (as a non-KOPS-committer). |
how long before merging this ? can someone give an update ? |
Any updates on this? |
+1 |
Are there any updates on this? Something one could do to speed this up? |
Any updates? I'm doing some hardening to my cluster |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle-rotten |
With #8967 merged and no activity here for quite some time, I guess this one can be closed now. |
Thanks @olemarkus agreed. /close |
@mikesplain: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
These flags are required to comply with various parts of the CIS Kubernetes Benchmark.
The ability to disable basic and token auth are parts of the CIS Kubernetes Benchmark, but that isn't as simple as a flag, so it's added as a second commit.