From b9bc010a4a98292ff2c4f7286445c76d7acde7bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?=
Date: Wed, 29 Dec 2021 08:47:05 +0100
Subject: [PATCH] Update the default value of the `bearer_token` parameter to send the bearer token only to secure https endpoints by default (#10709)

to send the bearer token only to secure https endpoints and not to clear text http endpoints.
---
 kube_scheduler/assets/configuration/spec.yaml | 6 ++++--
 .../datadog_checks/kube_scheduler/data/auto_conf.yaml | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/kube_scheduler/assets/configuration/spec.yaml b/kube_scheduler/assets/configuration/spec.yaml
index 1d58b279813ab..865268428dd5e 100644
--- a/kube_scheduler/assets/configuration/spec.yaml
+++ b/kube_scheduler/assets/configuration/spec.yaml
@@ -77,9 +77,11 @@ files:
 against the APIServer to retrieve metrics.
 enabled: true
 value:
- type: boolean
- example: true
+ example: tls_only
 default: false
+ anyOf:
+ - type: boolean
+ - type: string
 - name: bearer_token_path
 description: Used to specify the path where the service account token is located.
 value:
diff --git a/kube_scheduler/datadog_checks/kube_scheduler/data/auto_conf.yaml b/kube_scheduler/datadog_checks/kube_scheduler/data/auto_conf.yaml
index 805ae3b663785..fc3a3d3de6b93 100644
--- a/kube_scheduler/datadog_checks/kube_scheduler/data/auto_conf.yaml
+++ b/kube_scheduler/datadog_checks/kube_scheduler/data/auto_conf.yaml
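Review bot: The new `anyOf` under `value:` admits any string for `bearer_token_auth`, although `tls_only` is the only string the patch introduces. How the check handles an unrecognised string (for example a misspelled `tls-only`) is not visible here; if it is treated as enabled, the service-account token would again be sent to clear-text http endpoints, so it is worth confirming that unknown strings are rejected or fall back to not sending the token. The option's description, which begins above this hunk, still describes a yes/no switch; I would append a sentence such as `Set to tls_only to send the token only to https endpoints.`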
@@ -31,11 +31,11 @@ instances: # # prometheus_url: http://%%host%%:10251/metrics - ## @param bearer_token_auth - boolean - optional - default: true + ## @param bearer_token_auth - boolean or string - optional - default: tls_only ## Used if you are using RBACs and need the Agent to authenticate ## against the APIServer to retrieve metrics. # - bearer_token_auth: true + bearer_token_auth: tls_only ## @param bearer_token_path - string - optional - default: /var/run/secrets/kubernetes.io/serviceaccount/token ## Used to specify the path where the service account token is located.
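Review bot: The `@param` header now advertises `default: tls_only`, while `spec.yaml` in this same patch keeps `default: false` for `bearer_token_auth`, so the two files document different defaults. If `false` is the check's built-in default and `tls_only` is only the value this auto-configuration ships, the header comment should say so. The comment block also never explains the new value, and the commented `prometheus_url` example just above uses `http://`; a line such as `## With tls_only the token is sent only to https endpoints, never to a plain http prometheus_url.` would tell operators why authentication is skipped if they keep an http URL.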