How to disable TLS certificates and authentication to the Kubernetes API server

4/20/2018

I'm trying to disable TLS authentication (https) from my Kubernetes API server. This is the kube-apiserver config:

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: "bcmt-registry:5000/gcr.io/google-containers/kube-apiserver-amd64:v1.9.2"
    command:
    - /usr/local/bin/kube-apiserver
    - --insecure-bind-address=127.0.0.1
    - --apiserver-count=1
    - --etcd-servers=https://172.16.1.7:2379
    - --etcd-cafile=/etc/etcd/ssl/ca.pem
    - --etcd-certfile=/etc/etcd/ssl/etcd-client.pem
    - --etcd-keyfile=/etc/etcd/ssl/etcd-client-key.pem
    - --allow-privileged=true
    - --service-cluster-ip-range=10.254.0.0/16
    - --secure_port=8443
    - --insecure_port=8085
    - --advertise-address=172.16.1.7
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/serviceaccount-key.pem
    - --kubelet-client-certificate=/etc/kubernetes/ssl/kubelet.pem
    - --kubelet-client-key=/etc/kubernetes/ssl/kubelet-key.pem
    - --runtime-config=extensions/v1beta1/daemonsets=true
    - --cloud-provider=openstack
    - --cloud-config=/etc/kubernetes/cloud.conf
    - --v=1
    - --authorization-mode=RBAC
    - --runtime-config=rbac.authorization.k8s.io/v1beta1
    ports:
    - containerPort: 8443
      hostPort: 8443
      protocol: TCP
      name: http
    - containerPort: 8085
      hostPort: 8085
      protocol: TCP
      name: local
    volumeMounts:
    - mountPath: /etc/kubernetes
      name: etc-kubernetes
      readOnly: true
    - mountPath: /etc/etcd/ssl
      name: secret-etcd
      readOnly: true

  volumes:
  - hostPath:
      path: /etc/kubernetes
    name: etc-kubernetes
  - hostPath:
      path: /etc/etcd/ssl
    name: secret-etcd

I want to be able to reach the API server with this request, curl -v http://172.16.1.7:8443, without using certificates and keys or the --insecure mode. Any hints, please, on how to disable all that? Thanks in advance.

-- MelDev
kubectl
kubernetes

1 Answer

4/20/2018

I do not recommend using insecure mode, but to enable it you have 2 CLI options:

  • --insecure-port to set a port which will be bound in insecure mode
  • --insecure-bind-address to set an address where the port will be bound.
-- Anton Kostenko
Source: StackOverflow
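
A defender-side check for the two flags named in the answer, as an added example (not code from the question or the answer): it reads the command list of a kube-apiserver static pod manifest and reports whether the unauthenticated HTTP listener is enabled and whether it is bound beyond loopback. The function names and the sample text are constructed for illustration; the defaults (port 8080, address 127.0.0.1), the handling of `_` as `-` in flag names, and last-occurrence-wins for repeated flags are assumptions about kube-apiserver releases that still had the insecure port.

```python
import ipaddress
import re

# Constructed sample: the serving flags as they appear in the manifest in the question.
SAMPLE_MANIFEST = """\
    command:
    - /usr/local/bin/kube-apiserver
    - --insecure-bind-address=127.0.0.1
    - --secure_port=8443
    - --insecure_port=8085
"""

# Assumed defaults for releases that still served the insecure port.
DEFAULTS = {"insecure-port": "8080", "insecure-bind-address": "127.0.0.1"}

# Matches YAML list items of the form "- --flag=value" (optionally quoted).
FLAG_RE = re.compile(r"^\s*-\s+[\"']?--([A-Za-z0-9_-]+)(?:=(.*?))?[\"']?\s*$")


def parse_flags(manifest_text):
    """Collect --flag=value entries; '_' is treated like '-', last occurrence wins."""
    flags = {}
    for line in manifest_text.splitlines():
        m = FLAG_RE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else "true"
            flags[m.group(1).replace("_", "-")] = value
    return flags


def audit_insecure_port(manifest_text):
    """Return (severity, message) for the plain-HTTP listener the flags configure."""
    flags = {**DEFAULTS, **parse_flags(manifest_text)}
    port = int(flags["insecure-port"])
    addr = flags["insecure-bind-address"]
    if port == 0:
        return ("ok", "insecure port disabled")
    if ipaddress.ip_address(addr).is_loopback:
        return ("warn", f"unauthenticated HTTP on {addr}:{port} (loopback only)")
    return ("critical", f"unauthenticated HTTP on {addr}:{port}, reachable over the network")


if __name__ == "__main__":
    print(audit_insecure_port(SAMPLE_MANIFEST))
```

Run against the manifest in the question, the check reports the listener on 127.0.0.1:8085, which is why a request to 172.16.1.7 does not reach it.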