Add RBAC support for canal (#1604)

Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
2026-02-28 09:39:12 +03:00 · 2017-09-04 11:29:40 +03:00
parent 702ce446df
commit a3e6896a43
18 changed files with 274 additions and 46 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -269,9 +269,10 @@ before_script:
  ##User-data to simply turn off coreos upgrades
  STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'

-.ubuntu_canal_ha_variables: &ubuntu_canal_ha_variables
+.ubuntu_canal_ha_rbac_variables: &ubuntu_canal_ha_rbac_variables
 # stage: deploy-gce-part1
  KUBE_NETWORK_PLUGIN: canal
+  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
  CLOUD_IMAGE: ubuntu-1604-xenial
  CLOUD_REGION: europe-west1-b
  CLUSTER_MODE: ha
@@ -445,24 +446,24 @@ ubuntu-weave-sep-triggers:
  only: ['triggers']

 # More builds for PRs/merges (manual) and triggers (auto)
-ubuntu-canal-ha:
+ubuntu-canal-ha-rbac:
  stage: deploy-gce-part1
  <<: *job
  <<: *gce
  variables:
    <<: *gce_variables
-    <<: *ubuntu_canal_ha_variables
+    <<: *ubuntu_canal_ha_rbac_variables
  when: manual
  except: ['triggers']
  only: ['master', /^pr-.*$/]

-ubuntu-canal-ha-triggers:
+ubuntu-canal-ha-rbac-triggers:
  stage: deploy-gce-part1
  <<: *job
  <<: *gce
  variables:
    <<: *gce_variables
-    <<: *ubuntu_canal_ha_variables
+    <<: *ubuntu_canal_ha_rbac_variables
  when: on_success
  only: ['triggers']