diff --git a/docs/getting-started-guides/vsphere.md b/docs/getting-started-guides/vsphere.md index 13b5ca5609..9e50ac55c5 100644 --- a/docs/getting-started-guides/vsphere.md +++ b/docs/getting-started-guides/vsphere.md @@ -55,6 +55,32 @@ export GOVC_INSECURE=1 govc vm.change -e="disk.enableUUID=1" -vm= ``` +* Create Role and User with Required Privileges for vSphere Cloud Provider + +vSphere Cloud Provider requires the following minimal set of privileges to interact with vCenter: + +Please refer [vSphere Documentation Center](http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html&resultof=%22%43%72%65%61%74%65%22%20%22%63%72%65%61%74%22%20%22%43%75%73%74%6f%6d%22%20%22%63%75%73%74%6f%6d%22%20%22%52%6f%6c%65%22%20%22%72%6f%6c%65%22%20) to know about steps for creating a Custom Role, User and Role Assignment. + +Note: Assign Permissions at vCenter Level and make sure to check Propagate. + +``` +Datastore > Allocate space +Datastore > Low level file Operations +Virtual Machine > Configuration > Add existing disk +Virtual Machine > Configuration > Add or remove device +Virtual Machine > Configuration > Remove disk +``` + +For VSAN policy based volume provisioning feature, following additional privileges are required. + +``` +Network > Assign network +Virtual machine > Configuration > Add new disk +Virtual Machine > Inventory > Create new +Virtual machine > Configuration > Add new disk +Resource > Assign virtual machine to resource pool +``` + * Provide the cloud config file to each instance of kubelet, apiserver and controller manager via ```--cloud-config=``` flag. Cloud config [template can be found at Kubernetes-Anywhere](https://github.com/kubernetes/kubernetes-anywhere/blob/master/phase1/vsphere/vsphere.conf) Sample Config: 
@@ -80,8 +106,6 @@ Sample Config: #### Known issues -* [Unable to execute command on pod container using kubectl exec](https://github.com/kubernetes/kubernetes-anywhere/issues/337) - ### Kube-up (Deprecated) Kube-up.sh is no longer supported and is deprecated. The steps for kube-up are included but going forward [kube-anywhere](https://github.com/kubernetes/kubernetes-anywhere) is preferred.
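Review bot: In the first hunk (vsphere.md, @@ -55,6 +55,32 @@), the VSAN privileges block lists `Virtual machine > Configuration > Add new disk` twice, as its second and fourth entries. Drop the repeat, or replace it if a different privilege was intended, because readers will build the role from this list verbatim. The sentence "requires the following minimal set of privileges" is followed by the documentation link and the Propagate note rather than by the list, so move the first privilege block directly under it. The casing alternates between `Virtual Machine` and `Virtual machine`; pick one. The Documentation Center URL carries a long `&resultof=...` parameter that looks like search-highlighting residue; trim it if the link resolves without it. Since the section is presented as a minimal privilege set, it would also help to say why the role must be assigned at vCenter level with Propagate checked.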
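Review bot: In the second hunk (@@ -80,8 +106,6 @@), removing the entry under `#### Known issues` appears to leave that heading empty, followed directly by `### Kube-up (Deprecated)`. Remove the heading as well, or keep it with a line saying there are currently no known issues. The patch as shown gives no reason for dropping the "Unable to execute command on pod container using kubectl exec" entry (kubernetes-anywhere issue 337); state in the change description whether that issue is resolved.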