github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-29 21:29:24 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #43813 from liggitt/conditional-post-start-hook

Browse Source 
Automatic merge from submit-queue

Make RBAC post-start hook conditional on RBAC authorizer being used

Makes the RBAC post-start hook (and reconciliation) conditional on the RBAC authorizer being used

Ensures we don't set up unnecessary objects.

```release-note
RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled.
```
This commit is contained in:
Kubernetes Submit Queue
2017-03-31 05:51:49 -07:00
committed by GitHub
parent 3d8cdaf847 890894ac4f
commit 91c03b0e8f
8 changed files with 34 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hack/make-rules/test-cmd.sh
View File

@@ -36,10 +36,14 @@ function run_kube_apiserver() {
# Admission Controllers to invoke prior to persisting objects in cluster
ADMISSION_CONTROL="NamespaceLifecycle,LimitRanger,ResourceQuota"
# Include RBAC (to exercise bootstrapping), and AlwaysAllow to allow all actions
AUTHORIZATION_MODE="RBAC,AlwaysAllow"
"${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \
--address="127.0.0.1" \
--public-address-override="127.0.0.1" \
--port="${API_PORT}" \
--authorization-mode="${AUTHORIZATION_MODE}" \
--admission-control="${ADMISSION_CONTROL}" \
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--public-address-override="127.0.0.1" \