@udomsak
Created December 20, 2018 07:43
kubectl apply rbac rules to microk8s

# Restart the API server so the changed arguments take effect
systemctl restart snap.microk8s.daemon-apiserver
# Apply rules
kubectl apply -f rbac-microk8s.yml
# Check that the cluster-admin ClusterRole exists
kubectl get clusterroles cluster-admin

--insecure-bind-address=0.0.0.0
--cert-dir=${SNAP_DATA}
--etcd-servers='unix://etcd.socket:2379'
--service-cluster-ip-range=10.152.183.0/24
--basic-auth-file=${SNAP}/basic_auth.csv
--token-auth-file=${SNAP}/known_token.csv
--enable-admission-plugins="NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
--service-account-key-file=${SNAP_DATA}/certs/serviceaccount.key
--client-ca-file=${SNAP_DATA}/certs/ca.crt
--tls-cert-file=${SNAP_DATA}/certs/server.crt
--tls-private-key-file=${SNAP_DATA}/certs/server.key
--requestheader-client-ca-file=${SNAP_DATA}/certs/ca.crt
--authorization-mode=RBAC

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: microk8s-rbac
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: default
  namespace: kube-system
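
An added example, not part of the original gist: a shell check for an API server args file like the one above, reporting settings that leave RBAC ineffective (AlwaysAllow still listed, `--authorization-mode` repeated, RBAC missing, or the insecure port, which is served without authentication or authorization, bound to a non-loopback address). The function name, finding labels and sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a kube-apiserver args file (one --flag=value per line)
# for settings that leave RBAC ineffective. Prints one finding per line;
# returns 1 if anything was found, 0 if the file is clean.
audit_apiserver_args() {
  local file="$1" line flag value modes="" mode_lines=0 findings=0 has_rbac=0 m
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in --*=*) ;; *) continue ;; esac
    flag=${line%%=*}
    value=$(printf '%s' "${line#*=}" | tr -d "\"'")   # strip quotes around the value
    case $flag in
      --authorization-mode)
        mode_lines=$((mode_lines + 1))
        modes="${modes:+$modes,}$value" ;;
      --insecure-bind-address)
        case $value in
          127.*|localhost|::1) ;;
          *) echo "INSECURE_BIND: unauthenticated port listens on $value"
             findings=1 ;;
        esac ;;
    esac
  done < "$file"
  if [ "$mode_lines" -gt 1 ]; then
    echo "REPEATED_FLAG: --authorization-mode appears $mode_lines times"
    findings=1
  fi
  local IFS=,
  for m in $modes; do
    case $m in
      RBAC) has_rbac=1 ;;
      AlwaysAllow) echo "ALWAYS_ALLOW: AlwaysAllow is listed as an authorization mode"
                   findings=1 ;;
    esac
  done
  if [ "$has_rbac" -eq 0 ]; then
    echo "NO_RBAC: RBAC is not among the authorization modes"
    findings=1
  fi
  return "$findings"
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '--insecure-bind-address=0.0.0.0' \
  '--authorization-mode=AlwaysAllow' '--authorization-mode=RBAC' > "$sample"
audit_apiserver_args "$sample" || true
rm -f "$sample"
```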