xoxys.k3s/templates/_internal/apiserver-arg.yaml.j2
Robert Kaussow 515130cd11
All checks were successful
continuous-integration/drone Build is passing
feat: add cis recommendations and hardening options
2023-01-29 16:46:24 +01:00

15 lines
742 B
Django/Jinja

#jinja2: lstrip_blocks: True
- anonymous-auth=false
- authorization-mode=Node,RBAC
- profiling=0
- service-account-lookup=true
- request-timeout=300s
- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- admission-control-config-file={{ __k3s_config_dir }}/server/admission-config.yaml
{% if k3s_server_admission_plugins | length > 0 %}
- enable-admission-plugins={{ k3s_server_admission_plugins | join(',') }}
{% endif %}
{% if k3s_server_feature_gates | length > 0 %}
- feature-gates={{ k3s_server_feature_gates | join(',') }}
{%- endif %}