Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
72e0e91b
Commit
72e0e91b
authored
Dec 02, 2016
by
xilabao
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
change prompt for enabling RBAC on local-up-cluster
parent
9defe2ce
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
27 additions
and
4 deletions
+27
-4
local-up-cluster.sh
hack/local-up-cluster.sh
+27
-4
No files found.
hack/local-up-cluster.sh
View file @
72e0e91b
...
...
@@ -56,6 +56,13 @@ CLOUD_PROVIDER=${CLOUD_PROVIDER:-""}
CLOUD_CONFIG
=
${
CLOUD_CONFIG
:-
""
}
FEATURE_GATES
=
${
FEATURE_GATES
:-
"AllAlpha=true"
}
# RBAC Mode options
ALLOW_ANY_TOKEN
=
${
ALLOW_ANY_TOKEN
:-
false
}
ENABLE_AUTH_PROXY
=
${
ENABLE_AUTH_PROXY
:-
false
}
ENABLE_RBAC
=
${
ENABLE_RBAC
:-
false
}
KUBECONFIG_TOKEN
=
${
KUBECONFIG_TOKEN
:-
""
}
AUTH_ARGS
=
${
AUTH_ARGS
:-
""
}
# start the cache mutation detector by default so that cache mutators will be found
KUBE_CACHE_MUTATION_DETECTOR
=
"
${
KUBE_CACHE_MUTATION_DETECTOR
:-
true
}
"
export
KUBE_CACHE_MUTATION_DETECTOR
...
...
@@ -366,6 +373,7 @@ clusters:
name: local-up-cluster
users:
- user:
token:
${
KUBECONFIG_TOKEN
:-}
client-certificate:
${
CERT_DIR
}
/client-
$1
.crt
client-key:
${
CERT_DIR
}
/client-
$1
.key
name: local-up-cluster
...
...
@@ -394,17 +402,18 @@ function start_apiserver {
# which should be able to be used as the CA to verify itself
anytoken_arg
=
""
if
[[
-n
"
${
ALLOW_ANY_TOKEN
:-}
"
]]
;
then
if
[[
"
${
ALLOW_ANY_TOKEN
}
"
=
true
]]
;
then
anytoken_arg
=
"--insecure-allow-any-token "
KUBECONFIG_TOKEN
=
${
KUBECONFIG_TOKEN
:-
"system:admin/system:masters"
}
fi
auth_proxy_arg
=
""
if
[[
-n
"
${
ENABLE_AUTH_PROXY
:-}
"
]]
;
then
if
[[
"
${
ENABLE_AUTH_PROXY
}
"
=
true
]]
;
then
auth_proxy_arg
=
"--requestheader-username-headers=X-Remote-User
\
--requestheader-client-ca-file=
${
CERT_DIR
}
/auth-proxy-client-ca.crt
\
--requestheader-allowed-names=system:auth-proxy "
fi
authorizer_arg
=
""
if
[[
-n
"
${
ENABLE_RBAC
:-}
"
]]
;
then
if
[[
"
${
ENABLE_RBAC
}
"
=
true
]]
;
then
authorizer_arg
=
"--authorization-mode=RBAC "
fi
priv_arg
=
""
...
...
@@ -479,6 +488,20 @@ EOF
write_client_kubeconfig kube-proxy
write_client_kubeconfig controller
write_client_kubeconfig scheduler
if
[[
-z
"
${
AUTH_ARGS
}
"
]]
;
then
if
[[
"
${
ALLOW_ANY_TOKEN
}
"
=
true
]]
;
then
# use token authentication
if
[[
-n
"
${
KUBECONFIG_TOKEN
}
"
]]
;
then
AUTH_ARGS
=
"--token=
${
KUBECONFIG_TOKEN
}
"
else
AUTH_ARGS
=
"--token=system:admin/system:masters"
fi
else
# default to use basic authentication
AUTH_ARGS
=
"--username=admin --password=admin"
fi
fi
}
function
start_controller_manager
{
...
...
@@ -710,7 +733,7 @@ To start using your cluster, open up another terminal/tab and run:
export KUBERNETES_PROVIDER=local
cluster/kubectl.sh config set-cluster local --server=https://
${
API_HOST
}
:
${
API_SECURE_PORT
}
--certificate-authority=
${
ROOT_CA_FILE
}
cluster/kubectl.sh config set-credentials myself
--client-key=
${
CERT_DIR
}
/client-admin.key --client-certificate=
${
CERT_DIR
}
/client-admin.crt
cluster/kubectl.sh config set-credentials myself
${
AUTH_ARGS
}
cluster/kubectl.sh config set-context local --cluster=local --user=myself
cluster/kubectl.sh config use-context local
cluster/kubectl.sh
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment