Merge pull request #34619 from deads2k/rbac-13-local-up

Automatic merge from submit-queue add flag for enabling RBAC on local-up-cluster Enables cases like `ALLOW_ANY_TOKEN=true ENABLE_RBAC=true hack/local-up-cluster.sh ` to startup an api server so you can test RBAC against it. @pweil- You can try this using `oc login localhost:6443 --token=username/group1,group2,system:masters`. Then you should have full rights. You can use `oc login --token=username` or `kubectl create -f - --token=otheruser/othergroup` to simulate other users.
2025-08-09 12:07:47 +00:00 · 2016-10-13 13:58:50 -07:00 · 2016-10-13 13:58:50 -07:00 · f638a87b47
commit f638a87b47
parent 1b58b07270 127e335802
1 changed files with 5 additions and 1 deletions
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@ -285,6 +285,10 @@ function start_apiserver {
    if [[ -n "${ALLOW_ANY_TOKEN:-}" ]]; then
      anytoken_arg="--insecure-allow-any-token "
    fi
+    authorizer_arg=""
+    if [[ -n "${ENABLE_RBAC:-}" ]]; then
+      authorizer_arg="--authorization-mode=RBAC "
+    fi
    priv_arg=""
    if [[ -n "${ALLOW_PRIVILEGED}" ]]; then
      priv_arg="--allow-privileged "
@ -302,7 +306,7 @@ function start_apiserver {
    fi

    APISERVER_LOG=/tmp/kube-apiserver.log
-    sudo -E "${GO_OUT}/hyperkube" apiserver ${anytoken_arg} ${priv_arg} ${runtime_config}\
+    sudo -E "${GO_OUT}/hyperkube" apiserver ${anytoken_arg} ${authorizer_arg} ${priv_arg} ${runtime_config}\
      ${advertise_address} \
      --v=${LOG_LEVEL} \
      --cert-dir="${CERT_DIR}" \