Trying to simply connect to the master ui ui interface.
I guess we got it all in the title, Just tried any commands related to auth, nothing to do. kubectl config view won't provide a user and its associated password.
Hope that'll sound obvious to some;
Best
If you are running the Google gke, you may not find your admin pass(web-ui too) with kubectl config view.
However, you can get it from https://console.cloud.google.com/ --> Container Engine --> Show Credentials.
Related
I am trying to login to Rundeck community (4.5.0) that I installed on a AWS ECS cluster behind an Application Load Balancer. The health checks on target groups are good/healthy and I can reach the landing page of Rundeck too.
Once I enter default admin credentials, the page keeps loading for more an hour and times out eventually. There are no error logs in Cloudwatch as well. Same image works locally but not on AWS setup.
Any ideas or suggestions on how to solve this is welcome.
You need to set RUNDECK_SERVER_FORWARDED=true env var in your deployment. Take a look at this.
I am newbie to K8s and still testing things. I have got prometheus running outside my cluster. I am using admin creds to hit kube api server to get metrics in to my prometheus which at the moment is working fine.
I want to create another user only to scrape metrics. While searching, i could not find any documentation on creating a user with user id and password.
Also, we are managing our repo in gitlab with pipeline. Is it possible to create user using yaml config instead of kubectl as given in the documentation.
Thanks
Eswar
According to Prometheus docs:
Prometheus does not directly support basic authentication (aka "basic auth") for connections to the Prometheus expression browser and HTTP API. If you'd like to enforce basic auth for those connections, we recommend using Prometheus in conjunction with a reverse proxy and applying authentication at the proxy layer.
In the link above there is a step-by-step guide in how to set up a nginx reverse proxy in front of Prometheus.
I have setup k8s single node cluster with kubeadm. I have configured oidc with it and made changes to ~/.kube/config file. Is there any explicit configuration that has to be done to kubectl context or credentials?
I have added the user, client-id, client-secret, id_token and refresh id to the /.kube/config file.
Apart from this i have added oidc-issuer-url, oidc-username-claim and oidc-client-id to kube-apiserver.yaml file.
Apart from this is there anything else that has to be added? I assume i am missing something due to which i get error: You must be logged in to the server (the server has asked for the client to provide credentials) when i try the command kubectl --user=name#gmail.com get nodes
you may take a look at the log of apiserver to check what error you get during authentication.
And you should add oidc-issuer-url, oidc-username-claim, oidc-client-id, and --oidc-ca-file in apiserver.yaml.
I know it's possible to access the static views of the api, but I can't find out the basic auth details that I need to login via the browser. Where can I find these? I'm on GCE and created a cluster.
Run kubectl config view. It'll dump out the auth information used to access your cluster, including the basic auth username and password.
I've installed a kubernetes cluster (using Google's Container Engine) and I noticed a service listening on port 443 on the master server. Tried to access it but it requires username and password, so any ideas what these credentials are?
You can read the cluster config using kubectl. This will contain the username and password for the UI.
kubectl config view
As of April 29 use:
gcloud container clusters describe [clustername]
This will give you some YAML (see here) containing also the username and password.
The user/password are stored in the API.
If you do:
gcloud preview container --zone <zone> clusters list
You should be able to see the user name and password for your cluster.
Note that the HTTPS cert that it uses is currently signed by an internal CA (stored in your home directory) so for a web browser, you will need to manually accept the certificate. We're working on making this more clean.
You can also type
$ kubectl proxy
which will serve up the UI at http://localhost:8001/ui
Use the below command to find the Kubernetes auto-generated password.
$Kubectl config view --minify