From 552b2f06357a2add22d63e824ba365f8d2ad0439 Mon Sep 17 00:00:00 2001
From: jwfang <54740235@qq.com>
Date: Fri, 7 Jul 2017 17:31:11 +0800
Subject: [PATCH] change authorization_modes default value

---
 .gitlab-ci.yml                              | 2 +-
 docs/vars.md                                | 2 +-
 roles/kubespray-defaults/defaults/main.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ddeae95b6..d51c6887c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -62,7 +62,7 @@ before_script:
   KUBELET_DEPLOYMENT: "docker"
   VAULT_DEPLOYMENT: "docker"
   WEAVE_CPU_LIMIT: "100m"
-  AUTHORIZATION_MODES: "{ 'authorization_modes': ['AlwaysAllow'] }"
+  AUTHORIZATION_MODES: "{ 'authorization_modes': [] }"
   MAGIC: "ci check this"
 
 .gce: &gce
diff --git a/docs/vars.md b/docs/vars.md
index 46684395f..dd9988715 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -69,7 +69,7 @@ following default cluster paramters:
   Kubernetes
 * *authorization_modes* - A list of [authorization mode](
 https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
-  that the cluster should be configured for. Defaults to `['AlwaysAllow']`.
+  that the cluster should be configured for. Defaults to `[]` (i.e. no authorization).
   Note: Only `AlwaysAllow`, `AlwaysDeny` and `RBAC` are tested.
 
 Note, if cloud providers have any use of the ``10.233.0.0/16``, like instances'
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index db5fc1997..ed827d27b 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -118,5 +118,5 @@ enable_network_policy: false
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
 ## 'RBAC' modes are tested.
-authorization_modes: ['AlwaysAllow']
+authorization_modes: []
 rbac_enabled: "{{ 'RBAC' in authorization_modes }}"