/kind feature
As part of kubernetes/enhancements#130, the --experimental-bootstrap-token-auth flag on the API server should be renamed to something like --enable-bootstrap-token-auth. We'll leave experimental-bootstrap-token-auth deprecated (should it be a no-op or not?) for v1.8.
Or we should consider adding an explicit --authenticators flag to the API server in the same way we have --controllers flag on controller-manager.
Right now, it enables/disables most authn plugins implicitely based on other flags (often pointing to various files on disk; if you specified a path to that file, you also want to enable this authn module)
What way do you prefer?
@kubernetes/sig-cluster-lifecycle-feature-requests @kubernetes/sig-auth-feature-requests
/kind feature
As part of kubernetes/enhancements#130, the
--experimental-bootstrap-token-authflag on the API server should be renamed to something like--enable-bootstrap-token-auth. We'll leaveexperimental-bootstrap-token-authdeprecated (should it be a no-op or not?) for v1.8.Or we should consider adding an explicit
--authenticatorsflag to the API server in the same way we have--controllersflag on controller-manager.Right now, it enables/disables most authn plugins implicitely based on other flags (often pointing to various files on disk; if you specified a path to that file, you also want to enable this authn module)
What way do you prefer?
@kubernetes/sig-cluster-lifecycle-feature-requests @kubernetes/sig-auth-feature-requests