kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4184 from chrislovecnm/rbac-default 

Switching the default for kops to create a cluster with RBAC enabled.
This commit is contained in:
k8s-ci-robot 2018-01-26 10:52:33 -08:00 committed by GitHub
parent cbf16fd6e2 4f9ed369e9
commit b02a73fa2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kops/create_cluster.go
View File

@ -156,7 +156,7 @@ func (o *CreateClusterOptions) InitDefaults() {
// Default to open API & SSH access // Default to open API & SSH access
o.AdminAccess = []string{"0.0.0.0/0"} o.AdminAccess = []string{"0.0.0.0/0"}
o.Authorization = AuthorizationFlagAlwaysAllow o.Authorization = AuthorizationFlagRBAC
} }
var ( var (

2
docs/cli/kops_create_cluster.md
View File

@ -68,7 +68,7 @@ kops create cluster
--admin-access stringSlice Restrict API access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0]) --admin-access stringSlice Restrict API access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0])
--api-loadbalancer-type string Sets the API loadbalancer type to either 'public' or 'internal' --api-loadbalancer-type string Sets the API loadbalancer type to either 'public' or 'internal'
--associate-public-ip Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'. --associate-public-ip Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.
--authorization string Authorization mode to use: AlwaysAllow or RBAC (default "AlwaysAllow") --authorization string Authorization mode to use: AlwaysAllow or RBAC (default "RBAC")
--bastion Pass the --bastion flag to enable a bastion instance group. Only applies to private topology. --bastion Pass the --bastion flag to enable a bastion instance group. Only applies to private topology.
--channel string Channel for default versions and configuration to use (default "stable") --channel string Channel for default versions and configuration to use (default "stable")
--cloud string Cloud provider to use - gce, aws, vsphere --cloud string Cloud provider to use - gce, aws, vsphere

2
tests/integration/create_cluster/complex/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/complex.example.com configBase: memfs://tests/complex.example.com

2
tests/integration/create_cluster/ha/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/ha.example.com configBase: memfs://tests/ha.example.com

2
tests/integration/create_cluster/ha/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/ha.example.com configBase: memfs://tests/ha.example.com

2
tests/integration/create_cluster/ha_encrypt/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/ha.example.com configBase: memfs://tests/ha.example.com

2
tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/ha.example.com configBase: memfs://tests/ha.example.com

2
tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: gce cloudProvider: gce
configBase: memfs://tests/ha-gce.example.com configBase: memfs://tests/ha-gce.example.com

2
tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/ha.example.com configBase: memfs://tests/ha.example.com

2
tests/integration/create_cluster/minimal/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/minimal.example.com configBase: memfs://tests/minimal.example.com

2
tests/integration/create_cluster/minimal/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/minimal.example.com configBase: memfs://tests/minimal.example.com

2
tests/integration/create_cluster/ngwspecified/expected-v1alpha1.yaml
View File

@ -10,7 +10,7 @@ spec:
loadBalancer: loadBalancer:
type: Public type: Public
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/private.example.com configBase: memfs://tests/private.example.com

2
tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml
View File

@ -8,7 +8,7 @@ spec:
loadBalancer: loadBalancer:
type: Public type: Public
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/private.example.com configBase: memfs://tests/private.example.com

2
tests/integration/create_cluster/overrides/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/overrides.example.com configBase: memfs://tests/overrides.example.com

2
tests/integration/create_cluster/private/expected-v1alpha1.yaml
View File

@ -10,7 +10,7 @@ spec:
loadBalancer: loadBalancer:
type: Public type: Public
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudLabels: cloudLabels:
Owner: John Doe Owner: John Doe

2
tests/integration/create_cluster/private/expected-v1alpha2.yaml
View File

@ -8,7 +8,7 @@ spec:
loadBalancer: loadBalancer:
type: Public type: Public
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudLabels: cloudLabels:
Owner: John Doe Owner: John Doe

2
tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml
View File

@ -8,7 +8,7 @@ spec:
loadBalancer: loadBalancer:
type: Public type: Public
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/private-subnets.example.com configBase: memfs://tests/private-subnets.example.com

2
tests/integration/create_cluster/shared_subnets/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/subnet.example.com configBase: memfs://tests/subnet.example.com

2
tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/subnet.example.com configBase: memfs://tests/subnet.example.com

2
tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/subnet.example.com configBase: memfs://tests/subnet.example.com

2
tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/subnet.example.com configBase: memfs://tests/subnet.example.com

2
tests/integration/create_cluster/shared_vpc/expected-v1alpha1.yaml
View File

@ -9,7 +9,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/vpc.example.com configBase: memfs://tests/vpc.example.com

2
tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml
View File

@ -7,7 +7,7 @@ spec:
api: api:
dns: {} dns: {}
authorization: authorization:
alwaysAllow: {} rbac: {}
channel: stable channel: stable
cloudProvider: aws cloudProvider: aws
configBase: memfs://tests/vpc.example.com configBase: memfs://tests/vpc.example.com