change authorization_modes default value

7 years ago · 552b2f0635
3 changed files with 3 additions and 3 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -62,7 +62,7 @@ before_script:
  KUBELET_DEPLOYMENT: "docker"
  VAULT_DEPLOYMENT: "docker"
  WEAVE_CPU_LIMIT: "100m"
-  AUTHORIZATION_MODES: "{ 'authorization_modes': ['AlwaysAllow'] }"
+  AUTHORIZATION_MODES: "{ 'authorization_modes': [] }"
  MAGIC: "ci check this"

 .gce: &gce
--- a/docs/vars.md
+++ b/docs/vars.md
@ -69,7 +69,7 @@ following default cluster paramters:
  Kubernetes
 * *authorization_modes* - A list of [authorization mode](
 https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
-  that the cluster should be configured for. Defaults to `['AlwaysAllow']`.
+  that the cluster should be configured for. Defaults to `[]` (i.e. no authorization).
  Note: Only `AlwaysAllow`, `AlwaysDeny` and `RBAC` are tested.

 Note, if cloud providers have any use of the ``10.233.0.0/16``, like instances'
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@ -118,5 +118,5 @@ enable_network_policy: false
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
 ## 'RBAC' modes are tested.
-authorization_modes: ['AlwaysAllow']
+authorization_modes: []
 rbac_enabled: "{{ 'RBAC' in authorization_modes }}"