Enable RBAC in Minikube - Closes #287 #343
Conversation
Add role through sudo Remove sudo Do not add binding Is the cluster available later? Further debugging More debugging More debugging More debugging More debugging Increase timeout
.travis/setup-kubernetes.sh
Outdated
| sudo -E minikube addons enable default-storageclass | ||
| sleep 10 | ||
| kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default |
There was a problem hiding this comment.
out of curiosity ... what's the purpose for this one ?
There was a problem hiding this comment.
I should have explained it in the description probably.
When RBAC is enabled, KubeDNS and Kubernetes Dashboard will not work because of missing permissions (do not ask me why Minikube still doesn't support RBAC properly). To work around it I create a new binding which gives all deployments using the default service account the cluster admin access. That gets them running.
The sleep 10 is there because it seems that although minikube says the cluster is ready, the connections from kubectl are not accepted. Waiting for 10 seconds seems to solve that issue (5 seconds were not enough).
There was a problem hiding this comment.
I think it's probably worth commenting the kubectl create clusterrolebinding , because I for one will forget what it's there for.
I've noticed the problem with minikube start finishing before the cluster is fully up. But I suspect that sleeping for 10 seconds is likely to be flaky sometimes. Maybe we should code the kubectl create in a loop until it is successful?
There was a problem hiding this comment.
(now even with the explanatory comment why the binding is needed)
Type of change
BugfixRefactoringDescription
This PR makes sure that the
minikubeused in TravisCI for system tests will be running with enabled RBAC. This should close issue #287