github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-10 12:32:03 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #34619 from deads2k/rbac-13-local-up

Browse Source 
Automatic merge from submit-queue

add flag for enabling RBAC on local-up-cluster

Enables cases like `ALLOW_ANY_TOKEN=true ENABLE_RBAC=true hack/local-up-cluster.sh ` to startup an api server so you can test RBAC against it.

@pweil- You can try this using `oc login localhost:6443 --token=username/group1,group2,system:masters`.  Then you should have full rights.  You can use `oc login --token=username` or `kubectl create -f - --token=otheruser/othergroup` to simulate other users.
This commit is contained in:
Kubernetes Submit Queue 2016-10-13 13:58:50 -07:00 committed by GitHub
commit f638a87b47
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hack/local-up-cluster.sh
View File

@ -285,6 +285,10 @@ function start_apiserver {
if [[ -n "${ALLOW_ANY_TOKEN:-}" ]]; then if [[ -n "${ALLOW_ANY_TOKEN:-}" ]]; then
anytoken_arg="--insecure-allow-any-token " anytoken_arg="--insecure-allow-any-token "
fi fi
authorizer_arg=""
if [[ -n "${ENABLE_RBAC:-}" ]]; then
authorizer_arg="--authorization-mode=RBAC "
fi
priv_arg="" priv_arg=""
if [[ -n "${ALLOW_PRIVILEGED}" ]]; then if [[ -n "${ALLOW_PRIVILEGED}" ]]; then
priv_arg="--allow-privileged " priv_arg="--allow-privileged "
@ -302,7 +306,7 @@ function start_apiserver {
fi fi
APISERVER_LOG=/tmp/kube-apiserver.log APISERVER_LOG=/tmp/kube-apiserver.log
sudo -E "${GO_OUT}/hyperkube" apiserver ${anytoken_arg} ${priv_arg} ${runtime_config}\ sudo -E "${GO_OUT}/hyperkube" apiserver ${anytoken_arg} ${authorizer_arg} ${priv_arg} ${runtime_config}\
${advertise_address} \ ${advertise_address} \
--v=${LOG_LEVEL} \ --v=${LOG_LEVEL} \
--cert-dir="${CERT_DIR}" \ --cert-dir="${CERT_DIR}" \