Update RBAC note to include information how to enable RBAC #12
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
馃憢
I've experimented with Travis and Minikube quite a bit and found out that RBAC is not enabled by default (even when running 1.9 and 1.10), so I decided to create a PR to update the README file.
RBAC can be enabled by starting Minikube with the
--extra-config=apiserver.Authorization.Mode=RBAC
flag. However, this brings up several problems with other components due to missing RBAC permissions.There're several solutions to this problem. More details can be found in kubernetes/minikube#1722. Probably the most easiest, but not the most secure one is to give
cluster-admin
permissions to thedefault
ServiceAccount in thekube-system
namespace.Here's a little snippet for verifying this. This manifest creates Role and RoleBinding to allow the
sa
ServiceAccount to list and get Secrets.Now, tell
kubectl
about thesa
ServiceAccount:Listing Secrets should work as expected:
Trying to create a Secret should result in an error:
However, in Minikube cluster started without RBAC flag it works:
I was not sure is this PR needed and how to fix this, so if you have any other idea, let me know. Another solution could be to add the flag to the
.travis.yml
as well.Relevant to kubernetes/minikube#1722