github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Enable node authorizer in local-up-cluster

pull/6/head
Jordan Liggitt 2017-07-28 14:59:41 -04:00
parent 0940a25440
commit 33a3a7c730
No known key found for this signature in database
GPG Key ID: 39928704103C7229
1 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hack/local-up-cluster.sh
View File

@ -76,8 +76,7 @@ ENABLE_CLUSTER_DASHBOARD=${KUBE_ENABLE_CLUSTER_DASHBOARD:-false}
ENABLE_APISERVER_BASIC_AUDIT=${ENABLE_APISERVER_BASIC_AUDIT:-false} ENABLE_APISERVER_BASIC_AUDIT=${ENABLE_APISERVER_BASIC_AUDIT:-false}
# RBAC Mode options # RBAC Mode options
ENABLE_RBAC=${ENABLE_RBAC:-true} AUTHORIZATION_MODE=${AUTHORIZATION_MODE:-"Node,RBAC"}
AUTHORIZATION_MODE=${AUTHORIZATION_MODE:-""}
KUBECONFIG_TOKEN=${KUBECONFIG_TOKEN:-""} KUBECONFIG_TOKEN=${KUBECONFIG_TOKEN:-""}
AUTH_ARGS=${AUTH_ARGS:-""} AUTH_ARGS=${AUTH_ARGS:-""}
@ -434,13 +433,7 @@ function start_apiserver {
fi fi
authorizer_arg="" authorizer_arg=""
if [[ "${ENABLE_RBAC}" = true ]]; then
authorizer_arg="--authorization-mode=RBAC "
fi
if [[ -n "${AUTHORIZATION_MODE}" ]]; then if [[ -n "${AUTHORIZATION_MODE}" ]]; then
if [[ "${ENABLE_RBAC}" = true ]]; then
warning "AUTHORIZATION_MODE=$AUTHORIZATION_MODE overrode ENABLE_RBAC=true"
fi
authorizer_arg="--authorization-mode=${AUTHORIZATION_MODE} " authorizer_arg="--authorization-mode=${AUTHORIZATION_MODE} "
fi fi
priv_arg="" priv_arg=""
@ -902,7 +895,7 @@ if [[ "${START_MODE}" != "nokubelet" ]]; then
esac esac
fi fi
if [[ -n "${PSP_ADMISSION}" && ("${ENABLE_RBAC}" = true || "${AUTHORIZATION_MODE}" = *RBAC* ) ]]; then if [[ -n "${PSP_ADMISSION}" && "${AUTHORIZATION_MODE}" = *RBAC* ]]; then
create_psp_policy create_psp_policy
fi fi