Add RBAC configurations to API server

sebgoa · sebgoa · commit aa53cbad9078 · 2016-10-04T23:22:31.000+02:00
diff --git a/roles/k8s/templates/k8s-master.j2 b/roles/k8s/templates/k8s-master.j2
@@ -156,8 +156,10 @@ coreos:
         --service-account-key-file=/opt/bin/kube-serviceaccount.key \
         --service-account-lookup=false \
         --basic-auth-file=/srv/kubernetes/basicauth.csv \
-        --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \
-        --runtime-config=api/v1 \
+        --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
+        --authorization-mode=RBAC \
+        --authorization-rbac-super-user={{ k8s_username }} \
+        --runtime-config=api/v1,rbac.authorization.k8s.io/v1alpha1 \
         --allow-privileged=true \
         --insecure-port=8080 \
         --secure-port=443 \
