diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a456f9df..7a424d01d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -371,9 +371,9 @@ before_script: CLUSTER_MODE: separate STARTUP_SCRIPT: "" -.ubuntu_flannel_rbac_variables: &ubuntu_flannel_rbac_variables +.ubuntu_flannel_norbac_variables: &ubuntu_flannel_norbac_variables # stage: deploy-gce-special - AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }" + AUTHORIZATION_MODES: "{ 'authorization_modes': [] }" KUBE_NETWORK_PLUGIN: flannel CLOUD_IMAGE: ubuntu-1604-xenial CLOUD_REGION: europe-west1-b @@ -605,13 +605,13 @@ ubuntu-vault-sep: except: ['triggers'] only: ['master', /^pr-.*$/] -ubuntu-flannel-rbac-sep: +ubuntu-flannel-norbac-sep: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables - <<: *ubuntu_flannel_rbac_variables + <<: *ubuntu_flannel_norbac_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml index b70cd6766..6146a9840 100644 --- a/inventory/group_vars/k8s-cluster.yml +++ b/inventory/group_vars/k8s-cluster.yml @@ -25,6 +25,9 @@ kube_api_anonymous_auth: false ## Change this to use another Kubernetes version, e.g. a current beta release kube_version: v1.7.3 +# Disable RBAC by setting this to an empty list. Other choices: AlwaysAllow, AlwaysDeny +authorization_modes: ['RBAC'] + # Where the binaries will be downloaded. # Note: ensure that you've enough disk space (about 1G) local_release_dir: "/tmp/releases" diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 5405e2577..386205fcb 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -129,7 +129,7 @@ openstack_lbaas_monitor_max_retries: false ## List of authorization modes that must be configured for ## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and ## 'RBAC' modes are tested. -authorization_modes: [] +authorization_modes: ['RBAC'] rbac_enabled: "{{ 'RBAC' in authorization_modes }}" ## List of key=value pairs that describe feature gates for