Enable RBAC by default

[r2d4]

Is this a BUG REPORT or FEATURE REQUEST? (choose one): feature-request

Enable RBAC in the k8s cluster by default. A lot of tools do this already (hack/cluster-up, kubeadm, etc.). So it might bring minikube closer to CI/test/production environments. I think it would only entail changing some of the cluster addons and enabling the flag.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

[timoreimann]

This would still be super desirable to have from my perspective. Happy to drive a change if there's consensus on the usefulness of the feature.

/remove-lifecycle stale

[DavidWylie]

This would be a great change to help keep local development and cluster in sync.

[kfox1111]

+1. us operators are finding devs that use minikube for development often don't come up with the right rbac rules that would allow the system to work when handed to us.

[rayterrill]

+1. Struggling through a bunch of issues because I assumed minikube would work OOTB with RBAC enabled. Looks like at least kube-dns still needs RBAC rules tweaked to work correctly under RBAC (this is from minikube v0.25.0):

E0127 22:20:07.928086       1 reflector.go:199] k8s.io/dns/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list configmaps in the namespace "kube-system"