-
Notifications
You must be signed in to change notification settings - Fork 387
Service Catalog walkthrough is broken for minikube #1069
Comments
@MHBauer can you help with this?
|
Possibly related to kubernetes/minikube#1722 and kubernetes/minikube#1734 |
Strugled with minikube for a while. No result. Minikube needs to be started with Does everything work with |
I'm getting the same result with both local-up-cluster and minikube. After enabling RBAC and making the default service account cluster-admin, I see an authentication prompt when executing |
@jpeeler In order to get rid of that, I had to set a user/password combo for that context. So the full setup would look like the following:
Maybe @MHBauer you can comment on whether that is a true solution, and whether we should add that to the walkthrough and why it works? |
Okay, I think I was confused. That's with rbac, but without aggregation. Probably with auth. I'm not sure if there's a default that might be getting accidentally exposed here. I definitely didn't set |
@MHBauer do you think this is fixed, then?
…On Tue, Aug 1, 2017 at 2:03 PM, Morgan Bauer ***@***.***> wrote:
Okay, I think I was confused. That's with rbac, but without aggregation.
Probably with auth. I'm not sure if there's a default that might be getting
accidentally exposed here. I definitely didn't set admin:admin
credentials for anything intentionally.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1069 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAWXmN7NC7PPoWvnYmxmE609lE17aEueks5sT2hVgaJpZM4OkqVt>
.
|
I need to check some things, but if the SA needs permissions because of the tiller pod for helm, then
should really be a combination of
It's up to @jpeeler and @nilebox to confirm or deny whether the combo of the existing "minikube extra rbac config" and "set up the SA permissions" is good enough, or if there need to be more credentials above and beyond. |
I just tested with minikube again with RBAC enabled and I'm still getting prompted for credentials, but it works when adding them as described in #1069 (comment). |
Okay, I didn't even think of the credentials, this sounds like a kubectl bug. As far as I know, we're not setting up credentials, and that user/pass has no effect other than getting you past a prompt. |
I can confirm that @kibbles-n-bytes's list of actions (preceded with
@kibbles-n-bytes Currently we don't have any guidance for |
@nilebox I meant more the credentials issue, which isn't unique to minikube. We have a section (here) that describes setting up the context, so I was thinking we could add the credentials setup there to get rid of the prompt until the issue is fixed. However, I think also adding a mention of how to enable RBAC on minikube in the Troubleshooting section of the walkthrough would be good. |
@kibbles-n-bytes I am partially addressing this in #1163, and will continue to do so in follow-ups. cc/ @jboyd01 who is also doing work in this arena |
After introducing RBAC, Service Catalog walkthrough doesn't work for minikube anymore:
My understanding is that now there is a need for preconfiguring some roles in Kubernetes cluster before installing a Service Catalog helm chart.
It might be useful to add a script or separate documentation page describing this.
The text was updated successfully, but these errors were encountered: