From cc085606bfeb2b9c862f1e9704868b5f3ca599e9 Mon Sep 17 00:00:00 2001 From: Nicolas Goudry Date: Sun, 24 Mar 2024 18:35:38 +0100 Subject: [PATCH] docs: add option to config parameters --- docs/vars.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/vars.md b/docs/vars.md index 1c36e67344a..0e83b18311a 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -281,6 +281,11 @@ node_taints: * `audit_webhook_batch_max_wait`: 1s * *kubectl_alias* - Bash alias of kubectl to interact with Kubernetes cluster much easier. +* *remove_anonymous_access* - When set to `true`, removes the `kubeadm:bootstrap-signer-clusterinfo` rolebinding created by kubeadm. + By default, kubeadm creates a rolebinding in the `kube-public` namespace which grants permissions to anonymous users. This rolebinding allows kubeadm to discover and validate cluster information during the join phase. + In a nutshell, this option removes the rolebinding after the init phase of the first control plane node and then configures kubeadm to use file discovery for the join phase of other nodes. + This option does not remove the anonymous authentication feature of the API server. + ### Custom flags for Kube Components For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments.
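Review bot: The new `remove_anonymous_access` entry in `docs/vars.md` does not state the option's default value, and "grants permissions to anonymous users" does not say which permissions, so a reader cannot tell whether the removal is opt-in or how much exposure it closes. Suggest adding the default and naming what the `kubeadm:bootstrap-signer-clusterinfo` rolebinding allows. The closing sentence says the API server's anonymous authentication stays enabled; a pointer to where that is configured would keep the two settings from being confused. The entry also says join switches to file discovery but not whether the operator has to supply or protect the discovery file, which is worth one sentence. Finally, the three indented continuation lines have no blank lines between them, so Markdown will render them as one run-on paragraph under the bullet; separate them if they are meant to read as distinct paragraphs.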