Skip to content

Commit 2bd85d6

Browse files
MHBauerMHBauer
committed
Merge branch 'pr/1076'
LGTM from: arschles MHBauer
2 parents d8b7899 + e324287 commit 2bd85d6

File tree

3 files changed

+21
-4
lines changed

3 files changed

+21
-4
lines changed

charts/catalog/templates/controller-manager-deployment.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,9 @@ spec:
5555
- --service-catalog-api-server-url
5656
- https://{{ template "fullname" . }}-apiserver
5757
{{- end }}
58+
{{ if .Values.controllerManager.apiserverSkipVerify -}}
5859
- "--service-catalog-insecure-skip-verify=true"
60+
{{- end }}
5961
- -v
6062
- "{{ .Values.controllerManager.verbosity }}"
6163
- --resync-interval

charts/catalog/values.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
# Default values for Service Catalog
2+
# determines whether the API server should be registered with the kube-aggregator
3+
useAggregator: false
24
apiserver:
35
# apiserver image to use
46
image: quay.io/kubernetes-service-catalog/apiserver:v0.0.14
@@ -93,4 +95,5 @@ controllerManager:
9395
# Whether the controller has option to set leader election namespace.
9496
activated: false
9597
serviceAccount: service-catalog-controller-manager
96-
useAggregator: false
98+
# Controls whether the API server's TLS verification should be skipped.
99+
apiserverSkipVerify: true

docs/walkthrough.md

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ DNS enabled already.
1616
* If you are using hack/local-up-cluster.sh, ensure the
1717
`KUBE_ENABLE_CLUSTER_DNS` environment variable is set as follows:
1818

19-
```console
20-
KUBE_ENABLE_CLUSTER_DNS=true hack/local-up-cluster.sh -O
21-
```
19+
```console
20+
hack/local-up-cluster.sh -O
21+
```
2222

2323
### Getting Helm and installing Tiller
2424

@@ -32,6 +32,18 @@ be done with Helm setup.
3232
If you don't already have Helm v2, see the
3333
[installation instructions](https://github.com/kubernetes/helm/blob/master/docs/install.md).
3434

35+
### RBAC Considerations
36+
37+
If your kubernetes cluster has [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)
38+
enabled, you must ensure that the default service account for the `kube-system`
39+
namespace has the `cluster-admin` role:
40+
41+
```console
42+
kubectl create clusterrolebinding default-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
43+
```
44+
45+
This is required in order for helm to work correctly in clusters with RBAC enabled.
46+
3547
## Step 1 - Installing the Service Catalog
3648

3749
The service catalog is packaged as a Helm chart located in the

0 commit comments

Comments
 (0)