From b3a31b28afa3db09846a849a6c0fa34f1c4671fe Mon Sep 17 00:00:00 2001 From: CJ Cullen Date: Tue, 22 May 2018 16:44:46 -0700 Subject: [PATCH] re-reorder authorizers (RBAC before Webhook). --- cluster/gce/gci/configure-helper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 356f103b5da..0935fc37f2c 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1683,7 +1683,7 @@ function start-kube-apiserver { local webhook_config_mount="" local webhook_config_volume="" if [[ -n "${GCP_AUTHZ_URL:-}" ]]; then - authorization_mode="Webhook,${authorization_mode}" + authorization_mode="${authorization_mode},Webhook" params+=" --authorization-webhook-config-file=/etc/gcp_authz.config" webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false}," webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}},"