This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

How can you set cluster username / password, or pass --insecure-bind-address to kube-apiserver? #175

Open
bw2 opened this issue May 14, 2017 · 8 comments

bw2 commented May 14, 2017

I'm trying to deploy the cockpit container (https://github.com/cockpit-project/cockpit) to a kube-solo cluster, but can't figure out how to use cockpit's authentication mechanism with kube-solo.

When I deploy to Google Container Engine, I can log in to cockpit using the cluster's "admin" username and password, which I can look up using kubectl config view.

How can I set up equivalent credentials in kube-solo?

P.S. I asked the developers of cockpit (cockpit-project/cockpit#6549) and they suggested another workaround, which is to run kube-apiserver with --insecure-bind-address or --basic-auth-file, but I'm not sure how to do this either.

Member

rimusz commented Jun 6, 2017

Sorry for the delay. You can add the --insecure-bind-address or --basic-auth-file in this part: https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L164-L179

Author

bw2 commented Jun 11, 2017

I tried creating a password file using htpasswd and adding --basic-auth-file=/Users/weisburd/kube-solo/cloud-init/basicauth, but then VM startup stalls on:

    Waiting for etcd service to be ready on VM...

Member

rimusz commented Jun 11, 2017

Where are you adding --basic-auth-file=/Users/weisburd/kube-solo/cloud-init/basicauth to?

Author

bw2 commented Jun 11, 2017

To this list:
https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L164-L179
in /Users/weisburd/kube-solo/user-data

Member

rimusz commented Jun 11, 2017

You cannot point to a file that way; copy that file to the VM first.

Author

bw2 commented Jun 11, 2017

Sorry, I don't understand re. user-data. Which directory should the file be placed in on the VM?
I just tried SSH'ing into the VM and looking for it, but I again only see it in ~/kube-solo/cloud-init/user-data:

core@k8solo-01 ~ $ sudo find / -name "user-data"
find: `/data/var/lib/rkt/pods/exited-garbage/c6c28aca-c35a-4548-9cf0-046aad05b5b5/stage1/rootfs/opt/stage2/flannel/rootfs/sys/kernel/debug/tracing': No such file or directory


/Users/weisburd/kube-solo/cloud-init/user-data

And the same thing in the repo:
https://github.com/TheNewNormal/kube-solo-osx/search?utf8=%E2%9C%93&q=+user-data&type=

Member

rimusz commented Jun 11, 2017

Here is the part where you can add files: https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L270, then use that path with --basic-auth

Author

bw2 commented Jun 11, 2017

Just tried setting

        # Start API server
        ExecStart=/data/opt/bin/kube-apiserver \
          --client-ca-file=/data/kubernetes/ca.crt \
          --tls-cert-file=/data/kubernetes/server.cert \
          --tls-private-key-file=/data/kubernetes/server.key \
          --admission_control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota \
          --service_account_key_file=/data/kubernetes/server.key \
          --service_account_lookup=false \
          --allow_privileged=true \
          --insecure_bind_address=0.0.0.0 \
          --insecure_port=8080 \
          --kubelet_https=true \
          --secure_port=6443 \
          --service-cluster-ip-range=10.100.0.0/16 \
          --etcd_servers=http://127.0.0.1:2379 \
          --bind-address=0.0.0.0 \
          --logtostderr=true \
          --basic-auth=/opt/basicauth

and

write-files:
 - path: /opt/basicauth
   permissions: '0644'
   content: |
     weisburd:$apr1$8ikh...hash
 - path: /opt/sbin/wupiao
   permissions: '0755'
   content: |
      #!/bin/bash
   ...

It once again hangs at the "Waiting for etcd service to be ready on VM..." step,
but if I take out the --basic-auth=/opt/basicauth line it does boot.
