diff --git a/cluster/vagrant/kubernetes-1.7-workaround.yml b/cluster/vagrant/kubernetes-1.7-workaround.yml new file mode 100644 index 000000000000..26c28552cb92 --- /dev/null +++ b/cluster/vagrant/kubernetes-1.7-workaround.yml @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:controller:bootstrap-signer + namespace: kube-public +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - cluster-info + resources: + - configmaps + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:controller:bootstrap-signer + namespace: kube-public +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: system:controller:bootstrap-signer +subjects: +- kind: ServiceAccount + name: bootstrap-signer + namespace: kube-system diff --git a/cluster/vagrant/setup_kubernetes_master.sh b/cluster/vagrant/setup_kubernetes_master.sh index f1b555a13016..3e7c383ea368 100755 --- a/cluster/vagrant/setup_kubernetes_master.sh +++ b/cluster/vagrant/setup_kubernetes_master.sh @@ -53,6 +53,9 @@ else kubectl create -f kube-$NETWORK_PROVIDER.yaml fi +# Work around https://github.com/kubernetes/kubeadm/issues/335 until Kubernetes 1.7.1 is released +kubectl apply -f kubernetes-1.7-workaround.yml + # Allow scheduling pods on master # Ignore retval because it might not be dedicated already kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule- || :