Skip to content

Commit

Permalink
vagrant: Work around controller race bug until Kubernetes 1.7.1 is re…
Browse files Browse the repository at this point in the history
…leased

When nodes try to join a master, they can fail because cluster-info is
not updated with the expected tokens. To work around that, add the
required Role and RoleBinging to let the token signer do its work in
time. See kubernetes/kubeadm#335 for details
about the workaround.

Signed-off-by: Roman Mohr <rmohr@redhat.com>
  • Loading branch information
rmohr committed Jul 6, 2017
1 parent 8bcdddf commit f09127d
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 0 deletions.
52 changes: 52 additions & 0 deletions cluster/vagrant/kubernetes-1.7-workaround.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:controller:bootstrap-signer
namespace: kube-public
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- cluster-info
resources:
- configmaps
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:controller:bootstrap-signer
namespace: kube-public
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: system:controller:bootstrap-signer
subjects:
- kind: ServiceAccount
name: bootstrap-signer
namespace: kube-system
3 changes: 3 additions & 0 deletions cluster/vagrant/setup_kubernetes_master.sh
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,9 @@ else
kubectl create -f kube-$NETWORK_PROVIDER.yaml
fi

# Work around https://github.com/kubernetes/kubeadm/issues/335 until Kubernetes 1.7.1 is released
kubectl apply -f kubernetes-1.7-workaround.yml

# Allow scheduling pods on master
# Ignore retval because it might not be dedicated already
kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule- || :
Expand Down

0 comments on commit f09127d

Please sign in to comment.