kubernetes
/
minikube
mirror of https://github.com/kubernetes/minikube.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update localkube to use socat with tls auth

pull/1905/head
Phu Kieu 2017-08-29 17:08:50 -07:00 committed by dlorenc
parent dd91fea301
commit 8fe16fdf94
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
deploy/docker/README.md
View File

@ -54,9 +54,6 @@ $ docker run -d \
$ docker exec minikube sh -c 'echo 127.0.0.1 ${HOSTNAME} >> /etc/hosts' $ docker exec minikube sh -c 'echo 127.0.0.1 ${HOSTNAME} >> /etc/hosts'
``` ```
###### Issues
* kube-proxy will not work until [#1215](https://github.com/kubernetes/minikube/issues/1215) is resolved
###### Manifests ###### Manifests
Copy manifests to ${HOME}/.minikube/manifests Copy manifests to ${HOME}/.minikube/manifests
* kube-addon-manager * kube-addon-manager
@ -69,13 +66,13 @@ metadata:
namespace: kube-system namespace: kube-system
labels: labels:
component: kube-addon-manager component: kube-addon-manager
version: v6.1 version: v6.4
kubernetes.io/minikube-addons: addon-manager kubernetes.io/minikube-addons: addon-manager
spec: spec:
hostNetwork: true hostNetwork: true
containers: containers:
- name: kube-addon-manager - name: kube-addon-manager
image: gcr.io/google-containers/kube-addon-manager:v6.3 image: gcr.io/google-containers/kube-addon-manager:v6.4-beta.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
requests: requests:
@ -102,29 +99,36 @@ spec:
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-apiserver-proxy name: socat
namespace: kube-system namespace: kube-system
spec: spec:
containers: containers:
- name: nginx - name: busybox
image: calpicow/kube-apiserver-proxy:latest image: calpicow/alpine-socat:latest
imagePullPolicy: IfNotPresent
command:
- socat
- tcp-listen:8001,reuseaddr,fork
- tcp:10.0.0.1:443
ports: ports:
- containerPort: 8080 - containerPort: 8001
hostPort: 8080 hostPort: 8001
volumeMounts:
- name: localkube-certs
mountPath: /mnt
readOnly: true
volumes:
- name: localkube-certs
hostPath:
path: ${HOME}/.minikube/certs
``` ```
###### Issues
* We need to enable `--insecure-skip-tls-verify` since localkube does not generate a cert for localhost
#### kubectl configuration
Then to setup `kubectl` to use this cluster: Then to setup `kubectl` to use this cluster:
```console ```console
kubectl config set-cluster localkube-image --server=http://127.0.0.1:8080 --api-version=v1 kubectl config set-cluster localkube-image --server=http://127.0.0.1:8080 --api-version=v1
kubectl config set-context localkube-image --cluster=localkube-image kubectl config set-context localkube-image --cluster=localkube-image
kubectl config use-context localkube-image kubectl config use-context localkube-image
``` ```
Or for Mac/Windows:
```console
kubectl config set-cluster localkube-image --server=https://localhost:8001 --insecure-skip-tls-verify=true
kubectl config set-credentials localkube-image --certificate-authority="${HOME}"/.minikube/certs/ca.crt --client-certificate="${HOME}"/.minikube/certs/apiserver.crt --client-key="${HOME}"/.minikube/certs/apiserver.key
kubectl config set-context localkube-image --cluster=localkube-image --user=localkube-image
```
Now `kubectl` should be configured to properly access your local k8s environment Now `kubectl` should be configured to properly access your local k8s environment