Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation for k8s RBAC configuration #1404

Merged
merged 1 commit into from
Apr 12, 2017

Conversation

aolwas
Copy link

@aolwas aolwas commented Apr 8, 2017

This PR add documentation and manifest example to use Traefik with k8s 1.6+ and RBAC enabled

Copy link
Contributor

@errm errm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@emilevauge emilevauge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @aolwas :)
LGTM

If your cluster is configured with RBAC, you need to authorize Træfɪk to use
kubernetes API using ClusterRole, ServiceAccount and ClusterRoleBinding resources:

```yaml
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the example is identical to the inline definition, could we just point to the example instead of repeating it?

(This will avoid getting out of sync.)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

by inline definition, you mean the official k8s documentation ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No I mean the part starting in line 67. It seems to be identical to the example file you also included in this PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

its a pain, but I feel there is some value in having things both inline (so the documentation can be read) and as a file so the example is runnable...

The ideal thing would be to have something inline the contents of a file into the rendered documentation, I don't know if the tool we are using supports that though?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, it does not seem to be supported.

Personally, I don't mind the flow break. After all, that's what hyperlinking is all about. :-)

That said, I'm not overly enthusiastic on this point. A bit of duplication is acceptable for me here.

Copy link
Author

@aolwas aolwas Apr 12, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@timoreimann You're right, the code in the documentation is embedded as is in the example file. I asked myself if I should provide only the example file but it seems to me more confortable for the reader to have directly the code in the doc.

Tell me what you think is the best.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with keeping the inline spec, especially since you and @errm are in favor of it. Happy to let myself get overruled by the majority. :-)

As soon as you address the other point, we can merge.

Kubernetes introduces [Role Based Access Control (RBAC)](https://kubernetes.io/docs/admin/authorization/) in 1.6+ to allow fine-grained control
of Kubernetes resources and api.

If your cluster is configured with RBAC, you need to authorize Træfɪk to use
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't we using the normal spelling for Traefik these days instead of the special ae combo? @emilevauge?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, @aolwas could you replace Træfɪk by Træfik please ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used this spelling because I found it elsewhere in the document. Do you want me to also fix the spelling in the whole document ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aolwas thanks, but this is already done in #1368 :)

Copy link
Contributor

@timoreimann timoreimann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

@timoreimann timoreimann force-pushed the k8s-rbac-doc-update branch 2 times, most recently from 01ba647 to fc3cc9a Compare April 12, 2017 22:26
@timoreimann
Copy link
Contributor

Tests green, merging!

@timoreimann timoreimann merged commit 1da47df into traefik:master Apr 12, 2017
@timoreimann
Copy link
Contributor

Refs #1379.

@ldez ldez modified the milestone: 1.3 Apr 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants