Enable RBAC and needed addons/network plugin configuration

cluster/cluster.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/rancher/rke/authz"
 	"github.com/rancher/rke/hosts"
 	"github.com/rancher/rke/pki"
 	"github.com/rancher/rke/services"
@@ -58,10 +59,15 @@ func (c *Cluster) DeployClusterPlanes() error {
 	err = services.RunControlPlane(c.ControlPlaneHosts,
 		c.EtcdHosts,
 		c.Services,
-		c.SystemImages[ServiceSidekickImage])
+		c.SystemImages[ServiceSidekickImage],
+		c.Authorization.Mode)
 	if err != nil {
 		return fmt.Errorf("[controlPlane] Failed to bring up Control Plane: %v", err)
 	}
+	err = c.ApplyRBACResources()
+	if err != nil {
+		return fmt.Errorf("[auths] Failed to apply RBAC resources: %v", err)
+	}
 	err = services.RunWorkerPlane(c.ControlPlaneHosts,
 		c.WorkerHosts,
 		c.Services,
@@ -239,3 +245,15 @@ func getLocalAdminConfigWithNewAddress(localConfigPath, cpAddress string) string
 		string(config.CertData),
 		string(config.KeyData))
 }
+
+func (c *Cluster) ApplyRBACResources() error {
+	if err := authz.ApplyJobDeployerServiceAccount(c.LocalKubeConfigPath); err != nil {
+		return fmt.Errorf("Failed to apply the ServiceAccount needed for job execution: %v", err)
+	}
+	if c.Authorization.Mode == services.RBACAuthorizationMode {
+		if err := authz.ApplySystemNodeClusterRoleBinding(c.LocalKubeConfigPath); err != nil {
+			return fmt.Errorf("Failed to apply the ClusterRoleBinding needed for node authorization: %v", err)
+		}
+	}
+	return nil
+}