docs: bypass-hostname-check explanation
cf. #76
[skip ci]
clementnuss committed Aug 29, 2022
1 parent f22fefb commit 73ed5af
Showing 1 changed file with 16 additions and 14 deletions.
30 changes: 16 additions & 14 deletions README.md
Expand Up @@ -30,20 +30,22 @@ The most important parameters (configurable through either flags or environment
variables) are:

* `--provider-regex` or `PROVIDER_REGEX` lets you decide which hostnames can be
approved or not\
e.g. if all your nodes follow a naming convention (say
`node-randomstr1234.int.company.ch`), your regex could look like
`^node-\w*\.int\.company\.ch$`
* `--max-expiration-sec` or `MAX_EXPIRATION_SEC` permits to specify the maximum
`expirationSeconds` the kubelet can ask for.\
Per default it is hardcoded to a maximum of 367 days, and can be reduced with
this parameter.
* `--bypass-dns-resolution` or `BYPASS_DNS_RESOLUTION` permits to bypass DNS resolution
check. \
the default value of the boolean is false, and you can enable it by
setting it to `true` (or any other option listed in GoLang's
[`ParseBool`](https://github.com/golang/go/blob/master/src/strconv/atob.go#L10)
function)
approved or not\
e.g. if all your nodes follow a naming convention (say
`node-randomstr1234.int.company.ch`), your regex could look like
`^node-\w*\.int\.company\.ch$`
* `--max-expiration-sec` or `MAX_EXPIRATION_SEC` lets you specify the maximum
`expirationSeconds` the kubelet can ask for.\
Per default it is hardcoded to a maximum of 367 days, and can be reduced with
this parameter.
* `--bypass-dns-resolution` or `BYPASS_DNS_RESOLUTION` -> permits to bypass DNS resolution
check. \
the default value of the boolean is false, and you can enable it by
setting it to `true` (or any other option listed in GoLang's
[`ParseBool`](https://github.com/golang/go/blob/master/src/strconv/atob.go#L10)
function)
* `--bypass-hostname-check` or `BYPASS_HOSTNAME_CHECK`: when set to true,
it permits having a DNS name that differs (i.e. isn't prefixed) by the hostname
* `--provider-ip-prefixes` or `PROVIDER_IP_PREFIXES` permits to specify a
comma-separated list of IP (v4 or/and v6) subnets/prefixes, that CSR IP
addresses shall fall into. left unspecified, all IP addresses are allowed. \
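
Review bot: the new `--bypass-hostname-check` bullet (the last added entry) is ambiguous and does not state its default. "differs (i.e. isn't prefixed) by the hostname" would read more clearly as something like "allows a DNS name in the CSR that is not prefixed by the node's hostname", and, as the `--bypass-dns-resolution` bullet already does, it should say what the default value is. Because this switch relaxes a check on which CSRs get approved, the entry should also say which of the other checks listed here (`--provider-regex`, `--provider-ip-prefixes`) still constrain the request when it is enabled. Minor: the `->` added on the `--bypass-dns-resolution` line is inconsistent with the other bullets, and "permits to" was changed to "lets you" only on `--max-expiration-sec`.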