Hi, I created a cluster with kops - all-defaults settings, and now realized that it runs with the Always allow Authorization scheme.
I'm trying now to change that, but don't understand how exactly. I read https://github.com/kubernetes/kops/blob/master/docs/changing_configuration.md and tried to use "kops edit cluster" to change the config lines authorization: alwaysAllow: {} to authorization: rbac: {} then ran kops update cluster --yes and kops rolling-update --yes But that seems to do just nothing. The apiserver is still running with " --authorization-mode=AlwaysAllow" on the master. Looking deeper into it confuses me a bit, because there are places where the config option to do this is called "AuthorizationMode" (https://github.com/kubernetes/kops/blob/master/pkg/apis/kops/componentconfig.go) and others where it is AuthorizationSpec (e.g. https://godoc.org/k8s.io/kops/pkg/apis/kops#AuthorizationSpec). -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
