This repository has been archived by the owner on May 6, 2022. It is now read-only.

Tweaks to the walkthrough for local-up-cluster #1076

Merged
merged 1 commit into from
Jul 31, 2017

@pmorie pmorie commented Jul 28, 2017

A couple tweaks were necessary for me to make the walkthrough run on a cluster created with local-up-cluster.sh:

  • Needed to make the default service account for the kube-system namespace a cluster admin
  • Needed a knob to turn off TLS skip verify for the controller -> SC API server connection (you can't set insecure skip verify AND provide root cert data at the same time)
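The second bullet above, worked through as an added Go example (not code from this pull request or from service-catalog): it shows why skipping verification and supplying root cert data contradict each other, and what each setting does on its own. `clientConfig` and `probe` are hypothetical names, the error text is ours, and a loopback `httptest` server with its constructed self-signed certificate stands in for the service catalog API server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientConfig (hypothetical helper) builds the client TLS settings and rejects
// the contradictory pair from the PR description: with verification skipped,
// the supplied root certificates would never be consulted.
func clientConfig(skipVerify bool, roots *x509.CertPool) (*tls.Config, error) {
	if skipVerify && roots != nil {
		return nil, errors.New("insecure skip verify and root cert data are mutually exclusive")
	}
	return &tls.Config{InsecureSkipVerify: skipVerify, RootCAs: roots}, nil
}

// probe starts a loopback HTTPS server with httptest's constructed self-signed
// certificate and reports whether a client with these settings can reach it.
// trustServerCert stands in for "root cert data provided".
func probe(skipVerify, trustServerCert bool) error {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	var roots *x509.CertPool
	if trustServerCert {
		roots = x509.NewCertPool()
		roots.AddCert(srv.Certificate())
	}
	cfg, err := clientConfig(skipVerify, roots)
	if err != nil {
		return err
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	defer client.CloseIdleConnections()
	resp, err := client.Get(srv.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	fmt.Println("skip verify, no roots:   ", probe(true, false))  // connects, certificate unchecked
	fmt.Println("verify, server cert root:", probe(false, true))  // connects, certificate checked
	fmt.Println("verify, no matching root:", probe(false, false)) // rejected by verification
	fmt.Println("skip verify AND roots:   ", probe(true, true))   // rejected before connecting
}
```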

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 28, 2017
@arschles arschles left a comment

I am assuming you tested this @pmorie, and it looks good to me, so I'm LGTMing it.

@arschles arschles added the LGTM1 label Jul 31, 2017
KUBE_ENABLE_CLUSTER_DNS=true hack/local-up-cluster.sh -O
```
```console
KUBE_ENABLE_CLUSTER_DNS=true hack/local-up-cluster.sh -O
KUBE_ENABLE_CLUSTER_DNS=true is the default in kube now

- "--service-catalog-insecure-skip-verify=true"
{{- end }}
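Review bot: at `- "--service-catalog-insecure-skip-verify=true"`, the flag is emitted with a literal `true`, and the visible lines do not name the chart value that controls the surrounding conditional closed by `{{- end }}`. Suggest documenting that value next to the template and in the chart's values, stating that it has to be turned off whenever root cert data is supplied (the PR description notes the two cannot be set together), and that skipping verification is intended for local walkthrough clusters.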
Overall question:
Do we need an issue to make sure every single flag is helm exposed?

@MHBauer MHBauer left a comment

some research makes it LGTM.

namespace has the `cluster-admin` role:

```console
kubectl create clusterrolebinding default-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
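Review bot: the `kubectl create clusterrolebinding default-cluster-admin` line binds `cluster-admin` to `kube-system:default`, so every pod in `kube-system` that runs under the default service account gets full control of the cluster. The walkthrough text around this step should say the binding is meant for a throwaway local-up-cluster.sh environment, or the step should bind a dedicated service account for the component that needs the access.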
kubeadm sets up this level of access, and while I have to include the disclaimer that kubeadm is not production ready, I have to somewhat assume that a decision was made that this is the correct level of access.

An additional data point is that Bluemix does include this serviceAccount bound to this level of access.

@MHBauer MHBauer merged commit e324287 into kubernetes-retired:master Jul 31, 2017