kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding minimal set of privileges required for vSphere Cloud Provider

reviewable/pr3356/r1
divyenpatel 2017-03-24 10:32:07 -07:00 committed by Andrew Chen
parent 44f8466d09
commit 854ac8ac52
1 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
docs/getting-started-guides/vsphere.md
View File

@ -55,6 +55,32 @@ export GOVC_INSECURE=1
govc vm.change -e="disk.enableUUID=1" -vm=<VMNAME>
```
* Create Role and User with Required Privileges for vSphere Cloud Provider
vSphere Cloud Provider requires the following minimal set of privileges to interact with vCenter:
Please refer [vSphere Documentation Center](http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html&resultof=%22%43%72%65%61%74%65%22%20%22%63%72%65%61%74%22%20%22%43%75%73%74%6f%6d%22%20%22%63%75%73%74%6f%6d%22%20%22%52%6f%6c%65%22%20%22%72%6f%6c%65%22%20) to know about steps for creating a Custom Role, User and Role Assignment.
Note: Assign Permissions at vCenter Level and make sure to check Propagate.
```
Datastore > Allocate space
Datastore > Low level file Operations
Virtual Machine > Configuration > Add existing disk
Virtual Machine > Configuration > Add or remove device
Virtual Machine > Configuration > Remove disk
```
For VSAN policy based volume provisioning feature, following additional privileges are required.
```
Network > Assign network
Virtual machine > Configuration > Add new disk
Virtual Machine > Inventory > Create new
Virtual machine > Configuration > Add new disk
Resource > Assign virtual machine to resource pool
```
* Provide the cloud config file to each instance of kubelet, apiserver and controller manager via ```--cloud-config=<path to file>``` flag. Cloud config [template can be found at Kubernetes-Anywhere](https://github.com/kubernetes/kubernetes-anywhere/blob/master/phase1/vsphere/vsphere.conf)
Sample Config:
@ -80,8 +106,6 @@ Sample Config:
#### Known issues
* [Unable to execute command on pod container using kubectl exec](https://github.com/kubernetes/kubernetes-anywhere/issues/337)
### Kube-up (Deprecated)
Kube-up.sh is no longer supported and is deprecated. The steps for kube-up are included but going forward [kube-anywhere](https://github.com/kubernetes/kubernetes-anywhere) is preferred.