Skip to content

Instantly share code, notes, and snippets.

@antonfisher
Last active September 24, 2021 09:53
Show Gist options
  • Save antonfisher/d4cb83ff204b196058d79f513fd135a6 to your computer and use it in GitHub Desktop.
Save antonfisher/d4cb83ff204b196058d79f513fd135a6 to your computer and use it in GitHub Desktop.
MicroK8s add --allow-privileged=true flag

Add --allow-privileged=true to:

# kubelet config
sudo vim /var/snap/microk8s/current/args/kubelet

#kube-apiserver config
sudo vim /var/snap/microk8s/current/args/kube-apiserver

Restart services:

sudo systemctl restart snap.microk8s.daemon-kubelet.service
sudo systemctl restart snap.microk8s.daemon-apiserver.service
Copy link

ghost commented Aug 12, 2019

On the latest version, you need to sudo vim /var/snap/microk8s/current/args/kube-apiserver and add PodSecurityPolicy to the admission plugins-

--- kube-apiserver-old	2019-08-11 17:48:42.367840343 -0700
+++ kube-apiserver-new	2019-08-11 17:48:28.199502772 -0700
@@ -4,7 +4,7 @@
 --service-cluster-ip-range=10.152.183.0/24
 --authorization-mode=AlwaysAllow
 --basic-auth-file=${SNAP_DATA}/credentials/basic_auth.csv
---enable-admission-plugins="NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
+--enable-admission-plugins="NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,PodSecurityPolicy"
 --service-account-key-file=${SNAP_DATA}/certs/serviceaccount.key
 --client-ca-file=${SNAP_DATA}/certs/ca.crt
 --tls-cert-file=${SNAP_DATA}/certs/server.crt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment