diff options
| author | Johan Thomsen <jth@dbc.dk> | 2018-06-18 13:05:01 +0200 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2018-06-19 22:28:00 +0200 |
| commit | f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca (patch) | |
| tree | 91a366508a4da75b90865f726ef0e1e235af10ae /nixos/modules/rename.nix | |
| parent | dc6484e366021b515207a61fc1517359be872bca (diff) | |
| download | nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar.gz nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar.bz2 nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar.lz nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar.xz nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.tar.zst nixlib-f9ad1cae78b5fc27a5bf2f17b3f9ebf7b239b3ca.zip | |
nixos/kubernetes: dashboard lockdown
Kubernetes dashboard currently has cluster admin permissions, which is not recommended. - Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable" - Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false. - Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation - Updated release note for 18.09.
Diffstat (limited to 'nixos/modules/rename.nix')
| -rw-r--r-- | nixos/modules/rename.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 2df737452fbc..e3691843e170 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -34,6 +34,7 @@ with lib; (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ]) (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"]) (mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "") + (mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ]) (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ]) (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ]) (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ]) |