Fix node authorization for cloudprovider installs (#1794)

In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.

roles/kubespray-defaults/defaults/main.yaml

@@ -147,8 +147,8 @@ openstack_lbaas_enabled: false
 
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow', 'AlwaysDeny', 'Node' and
-## 'RBAC' modes are tested.
-authorization_modes: ['RBAC', 'Node']
+## 'RBAC' modes are tested. Order is important.
+authorization_modes: ['Node', 'RBAC']
 rbac_enabled: "{{ 'RBAC' in authorization_modes or kubeadm_enabled }}"
 
 ## List of key=value pairs that describe feature gates for