Switching to token auth is the obvious answer, but CIS doesn't like it: https://github.com/aquasecurity/kube-bench/blob/7cd6b32ebb5f6c9503daf6069fe8480e41020505/cfg/cis-1.5/master.yaml#L336-L360
We also need to update kubernetes-dashboard authentication-mode config: https://github.com/charmed-kubernetes/cdk-addons/blob/d7db3be73e96f1eb13db069c0e61f2f458e4e63a/cdk-addons/apply#L63 https://github.com/charmed-kubernetes/charm-kubernetes-master/blob/1e090ff6c9371a8be014f3f0774a4fcd1882cc89/config.yaml#L272-L278 https://github.com/charmed-kubernetes/charm-kubernetes-master/blob/1e090ff6c9371a8be014f3f0774a4fcd1882cc89/reactive/kubernetes_master.py#L1231-L1235 https://github.com/kubernetes/dashboard/blob/1f66b1c1fde5282f2b5146c6e94018a916610b28/docs/common/dashboard-arguments.md
kubernetes-dashboard appears to only support basic and token auth. If we move away from token auth for CIS then we might need to drop kubernetes-dashboard too.
Switching to token auth is the obvious answer, but CIS doesn't like it: https:/ /github. com/aquasecurit y/kube- bench/blob/ 7cd6b32ebb5f6c9 503daf6069fe848 0e41020505/ cfg/cis- 1.5/master. yaml#L336- L360
We also need to update kubernetes- dashboard authentication-mode config: /github. com/charmed- kubernetes/ cdk-addons/ blob/d7db3be73e 96f1eb13db069c0 e61f2f458e4e63a /cdk-addons/ apply#L63 /github. com/charmed- kubernetes/ charm-kubernete s-master/ blob/1e090ff6c9 371a8be014f3f07 74a4fcd1882cc89 /config. yaml#L272- L278 /github. com/charmed- kubernetes/ charm-kubernete s-master/ blob/1e090ff6c9 371a8be014f3f07 74a4fcd1882cc89 /reactive/ kubernetes_ master. py#L1231- L1235 /github. com/kubernetes/ dashboard/ blob/1f66b1c1fd e5282f2b5146c6e 94018a916610b28 /docs/common/ dashboard- arguments. md
https:/
https:/
https:/
https:/
kubernetes- dashboard appears to only support basic and token auth. If we move away from token auth for CIS then we might need to drop kubernetes- dashboard too.