[cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.

CherryPick: https://review.opendev.org/c/openstack/magnum/+/854395 Story: 2010248 Task: 46085 Task: 46087 Task: 46088 Change-Id: Ic197f83866dfa636fcb62c9875691d94bb42f964

[cern] Fix kube-bench 1.2.1, 1.2.23, 1.3.1.
CherryPick: https://review.opendev.org/c/openstack/magnum/+/854395 Story: 2010248 Task: 46085 Task: 46087 Task: 46088 Change-Id: Ic197f83866dfa636fcb62c9875691d94bb42f964
5ca33ee9 · Diogo Filipe Tomas Guerra · Diogo Guerra · ed7b8a3c · 5ca33ee9
Commit 5ca33ee9 authored Aug 09, 2022 by Diogo Filipe Tomas Guerra Committed by Diogo Guerra Aug 29, 2022
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -361,7 +361,8 @@ KUBE_API_ARGS="${KUBE_API_ARGS} \
    --requestheader-extra-headers-prefix=X-Remote-Extra- \
    --requestheader-group-headers=X-Remote-Group \
    --requestheader-username-headers=X-Remote-User"
-
+KUBE_API_ARGS="$KUBE_API_ARGS --anonymous-auth=false"
+KUBE_API_ARGS="$KUBE_API_ARGS --request-timeout=10s"
 KUBE_API_ARGS="$KUBE_API_ARGS --tls-cipher-suites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384"

 KUBE_ADMISSION_CONTROL=""
@@ -480,6 +481,7 @@ KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cluster-name=${CLU
 KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --allocate-node-cidrs=true"
 KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --cluster-cidr=${CLUSTER_CIDR} ${NODE_CIDR_MASK_SIZE_IPV6}"
 KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --profiling=false"
+KUBE_CONTROLLER_MANAGER_ARGS="${KUBE_CONTROLLER_MANAGER_ARGS} --terminated-pod-gc-threshold=200"
 KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS $KUBECONTROLLER_OPTIONS"
 if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --service-account-private-key-file=$CERT_DIR/service_account_private.key --root-ca-file=$CERT_DIR/ca.crt"