Merge pull request #4184 from chrislovecnm/rbac-default

Switching the default for kops to create a cluster with RBAC enabled.
2018-01-26 10:52:33 -08:00 · 2018-01-26 10:52:33 -08:00 · b02a73fa2c
parent cbf16fd6e2 4f9ed369e9
commit b02a73fa2c
23 changed files with 23 additions and 23 deletions
--- a/cmd/kops/create_cluster.go
+++ b/cmd/kops/create_cluster.go
@ -156,7 +156,7 @@ func (o *CreateClusterOptions) InitDefaults() {
 	// Default to open API & SSH access
 	o.AdminAccess = []string{"0.0.0.0/0"}

-	o.Authorization = AuthorizationFlagAlwaysAllow
+	o.Authorization = AuthorizationFlagRBAC
 }

 var (
--- a/docs/cli/kops_create_cluster.md
+++ b/docs/cli/kops_create_cluster.md
@ -68,7 +68,7 @@ kops create cluster
      --admin-access stringSlice             Restrict API access to this CIDR.  If not set, access will not be restricted by IP. (default [0.0.0.0/0])
      --api-loadbalancer-type string         Sets the API loadbalancer type to either 'public' or 'internal'
      --associate-public-ip                  Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.
-      --authorization string                 Authorization mode to use: AlwaysAllow or RBAC (default "AlwaysAllow")
+      --authorization string                 Authorization mode to use: AlwaysAllow or RBAC (default "RBAC")
      --bastion                              Pass the --bastion flag to enable a bastion instance group. Only applies to private topology.
      --channel string                       Channel for default versions and configuration to use (default "stable")
      --cloud string                         Cloud provider to use - gce, aws, vsphere
--- a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/complex.example.com
--- a/tests/integration/create_cluster/ha/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/ha/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/ha.example.com
--- a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/ha.example.com
--- a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/ha.example.com
--- a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/ha.example.com
--- a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: gce
  configBase: memfs://tests/ha-gce.example.com
--- a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/ha.example.com
--- a/tests/integration/create_cluster/minimal/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/minimal/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/minimal.example.com
--- a/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/minimal.example.com
--- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha1.yaml
@ -10,7 +10,7 @@ spec:
    loadBalancer:
      type: Public
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/private.example.com
--- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml
@ -8,7 +8,7 @@ spec:
    loadBalancer:
      type: Public
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/private.example.com
--- a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/overrides.example.com
--- a/tests/integration/create_cluster/private/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/private/expected-v1alpha1.yaml
@ -10,7 +10,7 @@ spec:
    loadBalancer:
      type: Public
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudLabels:
    Owner: John Doe
--- a/tests/integration/create_cluster/private/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/private/expected-v1alpha2.yaml
@ -8,7 +8,7 @@ spec:
    loadBalancer:
      type: Public
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudLabels:
    Owner: John Doe
--- a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml
@ -8,7 +8,7 @@ spec:
    loadBalancer:
      type: Public
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/private-subnets.example.com
--- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/subnet.example.com
--- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/subnet.example.com
--- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/subnet.example.com
--- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/subnet.example.com
--- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha1.yaml
+++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha1.yaml
@ -9,7 +9,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/vpc.example.com
--- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml
@ -7,7 +7,7 @@ spec:
  api:
    dns: {}
  authorization:
-    alwaysAllow: {}
+    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: memfs://tests/vpc.example.com