New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove basic-auth from k8s-master #96
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…c_auth.csv to followers
Tested as follows:
$ juju run --application kubernetes-master 'cat /root/cdk/basic_auth.csv && echo && cat /root/cdk/known_tokens.csv && echo && tail -5 /root/.kube/config && echo && tail -5 /home/ubuntu/config'
- Stderr: ""
Stdout: |
bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl,admin,admin,system:masters
password,kwm,kwmonroe,"system:masters,system:nodes"
password,tes,test
pfxD4F17xlrKZhGqpXQJFwBScDAy4w4T,system:kube-controller-manager,kube-controller-manager
2hNQ6wmo0Z1YA3tyCXJczrDyTu2G4tsl,system:kube-proxy,kube-proxy
HGUA510qr9aN4o3DOmF7AqQIcvUM1Cxx,admin,admin,"system:masters"
V8LpmeAUHnDe50N2c3AWxOzJGhs3AeC2,system:monitoring,system:monitoring
qcKjtoiMdygDDZ1KyCWyardeTTUdJPMF,system:node:ip-172-31-7-119,kubelet-0,"system:nodes"
users:
- name: admin
user:
password: bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl
username: admin
users:
- name: admin
user:
password: bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl
username: admin
UnitId: kubernetes-master/0
- Stderr: ""
Stdout: |
bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl,admin,admin,system:masters
password,kwm,kwmonroe,"system:masters,system:nodes"
password,tes,test
pfxD4F17xlrKZhGqpXQJFwBScDAy4w4T,system:kube-controller-manager,kube-controller-manager
2hNQ6wmo0Z1YA3tyCXJczrDyTu2G4tsl,system:kube-proxy,kube-proxy
HGUA510qr9aN4o3DOmF7AqQIcvUM1Cxx,admin,admin,"system:masters"
V8LpmeAUHnDe50N2c3AWxOzJGhs3AeC2,system:monitoring,system:monitoring
qcKjtoiMdygDDZ1KyCWyardeTTUdJPMF,system:node:ip-172-31-7-119,kubelet-0,"system:nodes"
users:
- name: admin
user:
password: bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl
username: admin
users:
- name: admin
user:
password: bMLJDSyGLzHIlknFEXmvy2njzyJ9peGl
username: admin
UnitId: kubernetes-master/1
$ juju run --application kubernetes-master 'cat /root/cdk/basic_auth.csv && echo && cat /root/cdk/known_tokens.csv && echo && tail -5 /root/.kube/config && echo && tail -5 /home/ubuntu/config'
- Stderr: ""
Stdout: |
# Basic auth entries have moved to known_tokens.csv
NM2NrfwxGhvStj3h5IQyw7fRfOj3cSaX,system:kube-controller-manager,kube-controller-manager,
D23FwsrqZRTBcm8C9PWYmHQQdpFhBZBV,system:kube-proxy,kube-proxy,
kAinMNEZK1elIcO451JkObBy3LBCiDCd,admin,admin,system:masters
X1vqKAq9CEEYR9ZCbQTeIClsiwE84Njv,system:monitoring,system:monitoring,
B0MDGMWQ8Kz81lwhKbTUOaBkhrRcVsEO,system:node:ip-172-31-16-86,kubelet-0,system:nodes
1t1hgoE5pYEFZwNudG4UeqcRC4Vf4sxU,system:node:ip-172-31-5-224,kubelet-1,system:nodes
qo2o1GJZneFmajXtkSORLmAwwO3PWm2o,system:node:ip-172-31-6-7,kubelet-2,system:nodes
password,kwm,kwmonroe,"system:masters,system:nodes"
password,tes,test,
preferences: {}
users:
- name: admin
user:
token: kAinMNEZK1elIcO451JkObBy3LBCiDCd
preferences: {}
users:
- name: admin
user:
token: kAinMNEZK1elIcO451JkObBy3LBCiDCd
UnitId: kubernetes-master/0
- Stderr: ""
Stdout: |
# Basic auth entries have moved to known_tokens.csv
NM2NrfwxGhvStj3h5IQyw7fRfOj3cSaX,system:kube-controller-manager,kube-controller-manager,
D23FwsrqZRTBcm8C9PWYmHQQdpFhBZBV,system:kube-proxy,kube-proxy,
kAinMNEZK1elIcO451JkObBy3LBCiDCd,admin,admin,system:masters
X1vqKAq9CEEYR9ZCbQTeIClsiwE84Njv,system:monitoring,system:monitoring,
B0MDGMWQ8Kz81lwhKbTUOaBkhrRcVsEO,system:node:ip-172-31-16-86,kubelet-0,system:nodes
1t1hgoE5pYEFZwNudG4UeqcRC4Vf4sxU,system:node:ip-172-31-5-224,kubelet-1,system:nodes
qo2o1GJZneFmajXtkSORLmAwwO3PWm2o,system:node:ip-172-31-6-7,kubelet-2,system:nodes
password,kwm,kwmonroe,"system:masters,system:nodes"
password,tes,test,
preferences: {}
users:
- name: admin
user:
token: kAinMNEZK1elIcO451JkObBy3LBCiDCd
preferences: {}
users:
- name: admin
user:
token: kAinMNEZK1elIcO451JkObBy3LBCiDCd
UnitId: kubernetes-master/1
|
johnsca
approved these changes
May 13, 2020
🍖 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1841226
Quite a bit goes into this:
dashboard-auth
config options/setup_basic_auth/setup_tokens
for the admin usersetup_tokens
updates existing tokens instead of just appending new rowsbasic_auth.csv
intoknown_tokens.csv
and genericize basic_auth.csvbasic_auth.csv
is genericized across the cluster