knative
/
docs
mirror of https://github.com/knative/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable certificate controller on Minikube (#506) 

The certificate controller is required to configure the istio sidecar
injector webhook, but Minikube doesn't give it the paths to the CA certs
by default, so it can't start.

These paths are local to the VM, not the host machine, so they are the
same for all users.
This commit is contained in:
Grant Rodgers 2018-03-27 09:27:13 -07:00 committed by GitHub
parent 7597b85cb3
commit 31c72e9a24
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
creating-a-kubernetes-cluster.md
View File

@ -81,11 +81,18 @@ To use a k8s cluster running in GKE:
default](https://github.com/kubernetes/minikube/pull/2547),the
MutatingAdmissionWebhook plugin must be manually enabled._
_Until minikube [makes this the
default](https://github.com/kubernetes/minikube/issues/1647), the
certificate controller must be told where to find the cluster CA certs on
the VM._
```shell
minikube start \
--kubernetes-version=v1.9.0 \
--vm-driver=kvm2 \
--extra-config=apiserver.Admission.PluginNames=DenyEscalatingExec,LimitRanger,NamespaceExists,NamespaceLifecycle,ResourceQuota,ServiceAccount,DefaultStorageClass,SecurityContextDeny,MutatingAdmissionWebhook
--extra-config=apiserver.Admission.PluginNames=DenyEscalatingExec,LimitRanger,NamespaceExists,NamespaceLifecycle,ResourceQuota,ServiceAccount,DefaultStorageClass,SecurityContextDeny,MutatingAdmissionWebhook \
--extra-config=controller-manager.ClusterSigningCertFile="/var/lib/localkube/certs/ca.crt" \
--extra-config=controller-manager.ClusterSigningKeyFile="/var/lib/localkube/certs/ca.key"
```
### Minikube with GCR