问题
I'm trying to enable RBAC on my k8s cluster on azure. I ssh'ed into my master node and edited the kube-apiserver.yaml with the --authorization-mode=RBAC flag. Then I delete the kube-apiserver pod in order to restart the api server. However, when upon restart the --authorization-mode=RBAC config is ignored. Anybody have any advice?
Also the api server configuration is set to --v=10 and the image is v1.6.6
回答1:
Deleting the pod is not enough. You need to restart kubelet in order for the new options to be applied.
systemctl restart kubelet
回答2:
I was finally able to generate a cluster that would allow me to enable RBAC on azure by generating an arm template using Azure Container Service Engine: https://github.com/Azure/acs-engine
By using the above library I could create a new arm template with RBAC enabled and then use the Azure CLI to create a RBAC, configurable Kubernetes cluster.
来源:https://stackoverflow.com/questions/46552593/enabling-rbac-on-kubernetes-on-azure