github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 21:36:24 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #43164 from cjcullen/abac

Browse Source 
Automatic merge from submit-queue

Allow ABAC to be disabled easily on upgrades

**What this PR does / why we need it**:
Adds a local variable to the configure-helper script so that ABAC_AUTHZ_FILE can be set to a nonexistent file in kube-env to disable ABAC on a cluster that previously was using ABAC.

@liggitt @Q-Lee
This commit is contained in:
Kubernetes Submit Queue 2017-03-16 12:09:40 -07:00 committed by GitHub
commit b2525d43ed
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cluster/gce/gci/configure-helper.sh
View File

@ -1108,9 +1108,9 @@ function start-kube-apiserver {
# Load existing ABAC policy files written by versions < 1.6 of this script # Load existing ABAC policy files written by versions < 1.6 of this script
# TODO: only default to this legacy path when in upgrade mode # TODO: only default to this legacy path when in upgrade mode
ABAC_AUTHZ_FILE="${ABAC_AUTHZ_FILE:-/etc/srv/kubernetes/abac-authz-policy.jsonl}" local abac_authorization_file="${ABAC_AUTHZ_FILE:-/etc/srv/kubernetes/abac-authz-policy.jsonl}"
if [[ -n "${ABAC_AUTHZ_FILE:-}" && -e "${ABAC_AUTHZ_FILE}" ]]; then if [[ -n "${abac_authorization_file:-}" && -e "${abac_authorization_file}" ]]; then
params+=" --authorization-policy-file=${ABAC_AUTHZ_FILE}" params+=" --authorization-policy-file=${abac_authorization_file}"
authorization_mode+=",ABAC" authorization_mode+=",ABAC"
fi fi
local webhook_config_mount="" local webhook_config_mount=""