From dd9be53ebb3de8ba9f6af99fa6b49811e260cafe Mon Sep 17 00:00:00 2001 From: Bipul Adhikari Date: Mon, 6 Jan 2025 18:01:44 +0545 Subject: [PATCH] Enables auth by default for sidecar and manager communication Signed-off-by: Bipul Adhikari --- cmd/manager/main.go | 2 +- sidecar/main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 91e9ee620..743bbf3c3 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -100,7 +100,7 @@ func main() { flag.BoolVar(&secureMetrics, "metrics-secure", true, "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.") flag.BoolVar(&showVersion, "version", false, "Print Version details") flag.StringVar(&cfg.SchedulePrecedence, "schedule-precedence", "", "The order of precedence in which schedule of reclaimspace and keyrotation is considered. Possible values are sc-only") - flag.BoolVar(&enableAuth, "enable-auth", false, "Enables TLS and adds bearer token to the headers (disabled by default)") + flag.BoolVar(&enableAuth, "enable-auth", true, "Enables TLS and adds bearer token to the headers (enabled by default)") opts := zap.Options{ Development: true, TimeEncoder: zapcore.ISO8601TimeEncoder, diff --git a/sidecar/main.go b/sidecar/main.go index 66e5ee407..2fdc3e6d9 100644 --- a/sidecar/main.go +++ b/sidecar/main.go @@ -56,7 +56,7 @@ func main() { leaderElectionLeaseDuration = flag.Duration("leader-election-lease-duration", 15*time.Second, "Duration, in seconds, that non-leader candidates will wait to force acquire leadership. Defaults to 15 seconds.") leaderElectionRenewDeadline = flag.Duration("leader-election-renew-deadline", 10*time.Second, "Duration, in seconds, that the acting leader will retry refreshing leadership before giving up. Defaults to 10 seconds.") leaderElectionRetryPeriod = flag.Duration("leader-election-retry-period", 5*time.Second, "Duration, in seconds, the LeaderElector clients should wait between tries of actions. Defaults to 5 seconds.") - enableAuthChecks = flag.Bool("enable-auth", false, "Enable Authorization checks and TLS communication (disabled by default)") + enableAuthChecks = flag.Bool("enable-auth", true, "Enable Authorization checks and TLS communication (enabled by default)") ) klog.InitFlags(nil)