From 6cbfde95ecba32d09eaff38a3a0b0fb878771599 Mon Sep 17 00:00:00 2001 From: Smeet nagda <81572407+smeet07@users.noreply.github.com> Date: Tue, 30 May 2023 23:24:05 +0530 Subject: [PATCH] command line option. --- site/content/docs/reference/supported-clusters.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/content/docs/reference/supported-clusters.md b/site/content/docs/reference/supported-clusters.md index e9838166..2811c093 100644 --- a/site/content/docs/reference/supported-clusters.md +++ b/site/content/docs/reference/supported-clusters.md @@ -37,3 +37,6 @@ token credential request API strategy by default. To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`. Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`. + +Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use `impersonation proxy`. This is because the `kube-apiserver` blocks unauthenticated access to `TokenCredentialRequest` API of the Concierge. +This does not matter while using `impersonation proxy`, which will allow these TokenCredentialRequests requests anyway.