-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure access to minikube #11
Comments
+1. This is definitely a requirement, even for local clusters. |
This will have a lot in common with #10 . We can re-use the certificate generation from this PR: redspread/localkube#50 and make sure to pass a secure bind address/PORT to the API server later in initialization. Note that we'll need a way to transfer the certs back out of the VM with this approach, though. It looks like most of Docker machine does this the other way: certs are generated on the client and uploaded to the server. |
Here's how most k8s distributions seem to generate the certs: We could run this from the client, then use SSH to "cat" the files to retrieve the contents and place them in a local directory for kubectl to use. |
cc @vishh @ethernetdan @Runseb
But that isn't terribly user friendly. What do you think about having minikube write it's own kubecfg file, and then provide a $(minikube init) function that exports the KUBECONFIG env variable to point kubectl at this file? Experienced users can then run minikube init without the $() to see the parameters so they can use this cluster in their main kubecfg if they want to. |
@dlorenc why not update the kube config directly from minikube? We can reserve a cluster name, |
We could update that cluster as well. We'd then have to make sure to also set the context so a bare "kubectl get pods" or something works, without the user needing to specify the context. Do you think changing the context automatically would be surprising to users that have multiple clusters? |
Given that people who run On Thu, Apr 28, 2016 at 1:49 PM, dlorenc [email protected] wrote:
|
Prototype here: https://github.com/dlorenc/minikube/tree/auth Need to get localkube merged in here, and some changes made to localkube to support certs. |
Closed with #48 |
We still have some follow on work to make the configuration easier, though. See #50 |
Check that cross compilation hasnt broken by building on Travis
Fixed README.md Quickstart minikube command
add image pull secret to new service accounts
We should have secure access to minikube.
Even with a self signed cert, it should be https and with token access.
The text was updated successfully, but these errors were encountered: