From 5b0ea2fa5e0406bdb329d90aabd7db40e9574d93 Mon Sep 17 00:00:00 2001 From: Jakub Scholz Date: Mon, 2 Apr 2018 14:33:27 +0200 Subject: [PATCH 1/3] Enable RBAC in Minikube - Closes #287 Add role through sudo Remove sudo Do not add binding Is the cluster available later? Further debugging More debugging More debugging More debugging More debugging Increase timeout --- .travis/setup-kubernetes.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.travis/setup-kubernetes.sh b/.travis/setup-kubernetes.sh index 925dca0d59d..f1339b061c5 100755 --- a/.travis/setup-kubernetes.sh +++ b/.travis/setup-kubernetes.sh @@ -1,6 +1,6 @@ #!/bin/bash -rm ~/.kube/config +rm -rf ~/.kube function install_kubectl { curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl @@ -22,8 +22,10 @@ if [ "$TEST_CLUSTER" = "minikube" ]; then docker run -d -p 5000:5000 registry export KUBECONFIG=$HOME/.kube/config - sudo -E minikube start --vm-driver=none --insecure-registry localhost:5000 + sudo -E minikube start --vm-driver=none --insecure-registry localhost:5000 --extra-config=apiserver.Authorization.Mode=RBAC sudo -E minikube addons enable default-storageclass + sleep 10 + kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default elif [ "$TEST_CLUSTER" = "minishift" ]; then #install_kubectl MS_VERSION=1.13.1 From 9a081e94179ba7e933a3103d840493f3c478bee7 Mon Sep 17 00:00:00 2001 From: Jakub Scholz Date: Mon, 2 Apr 2018 20:29:50 +0200 Subject: [PATCH 2/3] MAke waiting for Minikube better --- .travis/setup-kubernetes.sh | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/.travis/setup-kubernetes.sh b/.travis/setup-kubernetes.sh index f1339b061c5..222a5fd7601 100755 --- a/.travis/setup-kubernetes.sh +++ b/.travis/setup-kubernetes.sh @@ -7,6 +7,24 @@ function install_kubectl { sudo cp kubectl /usr/bin } +function wait_for_minikube { + i="0" + + while [ $i -lt 60 ] + do + kubectl cluster-info &> /dev/null + if [ $? -ne 0 ] + then + sleep 1 + else + return 0 + fi + i=$[$i+1] + done + + return 1 +} + if [ "$TEST_CLUSTER" = "minikube" ]; then install_kubectl curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube @@ -24,8 +42,16 @@ if [ "$TEST_CLUSTER" = "minikube" ]; then export KUBECONFIG=$HOME/.kube/config sudo -E minikube start --vm-driver=none --insecure-registry localhost:5000 --extra-config=apiserver.Authorization.Mode=RBAC sudo -E minikube addons enable default-storageclass - sleep 10 - kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default + + wait_for_minikube + + if [ $? -ne 0 ] + then + echo "Minikube failed to start" + exit 1 + else + kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default + fi elif [ "$TEST_CLUSTER" = "minishift" ]; then #install_kubectl MS_VERSION=1.13.1 From 6644d52a2b17dbbe88ab844222dfeee817aaa514 Mon Sep 17 00:00:00 2001 From: Jakub Scholz Date: Mon, 2 Apr 2018 20:36:37 +0200 Subject: [PATCH 3/3] Add explanatory comment --- .travis/setup-kubernetes.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis/setup-kubernetes.sh b/.travis/setup-kubernetes.sh index 222a5fd7601..e75edb2fcd1 100755 --- a/.travis/setup-kubernetes.sh +++ b/.travis/setup-kubernetes.sh @@ -50,6 +50,10 @@ if [ "$TEST_CLUSTER" = "minikube" ]; then echo "Minikube failed to start" exit 1 else + # The role needs to be added because Minikube is not fully prepared for RBAC. + # Without adding the cluster-admin rights to the default service account in kube-system + # some components would be crashing (such as KubeDNS). This should have no impact on + # RBAC for Strimzi during the system tests. kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default fi elif [ "$TEST_CLUSTER" = "minishift" ]; then