Allow enabling RBAC
Change-Id: I647c7f67e165314025335d51df1aa9872997de8e
diff --git a/kubernetes/files/manifest/kube-apiserver.manifest b/kubernetes/files/manifest/kube-apiserver.manifest
index 3cf76c8..58afb82 100644
--- a/kubernetes/files/manifest/kube-apiserver.manifest
+++ b/kubernetes/files/manifest/kube-apiserver.manifest
@@ -46,6 +46,9 @@
--etcd-quorum-read=true
--v={{ master.get('verbosity', 2) }}
--allow-privileged=True
+ {%- if master.auth.get('mode') %}
+ --authorization-mode={{ master.auth.mode }}
+ {%- endif %}
{%- if master.apiserver.node_port_range is defined %}
--service-node-port-range {{ master.apiserver.node_port_range }}
{%- endif %}
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 108bb07..282fd36 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -95,6 +95,9 @@
DAEMON_ARGS="
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,DefaultStorageClass
--allow-privileged=True
+ {%- if master.auth.get('mode') %}
+ --authorization-mode={{ master.auth.mode }}
+ {%- endif %}
{%- if master.auth.get('basic', {}).enabled|default(True) %}
--basic-auth-file={{ master.auth.basic.file|default("/srv/kubernetes/basic_auth.csv") }}
{%- endif %}