[caasp-beta] [Newsletter] Re: RE : kubectl requires username and password
Dan Elder
DElder at novacoast.com
Tue Oct 3 09:52:57 MDT 2017
Hi Rob,
I apologize, my naming conventions are a little different so for clarification purposes:
caasp-controller.suserd.com -> admin (Velum) node
caasp-admin.suserd.com -> k8 master node
caasp-worker1.suserd.com -> k8 worker node
caasp-worker2.suserd.com -> k8 worker node
In my case, caasp-admin.suserd.com is the master node (I'll cleanup the names in the future). I've tried using caasp-cli on an OpenSUSE Leap 42.3 (caasp-cli-0.0.1+20170929.git_r32_b195256-1.1.x86_64) and the k8 master (caasp-cli-0.0.1+20170914.git_r18_acbee3b-1.2.x86_64) but get the same result. The only system listening on 6443 in my environment is the k8 master (caasp-admin.suserd.com).
The nodes themselves are assigned addresses and hostnames from the DHCP server and all entries are also in DNS. Time is in sync across the nodes. I don't see anything obvious in any of the logs on the k8 master but any pointers on what I should be looking for would be helpful.
On 10/03/2017 08:05 AM, Rob de Canha-Knight wrote:
Hi Dan.
My apologies but the port I previously gave is incorrect.
The login string should look like:
caasp-cli login -s https://master.caaspdemo.geeko.ninja:6443 -u rob at suse.com<mailto:rob at suse.com> -p password
So port 6443.
Please also make sure you’re using the master nodes full fqdn that you inputted during the velum setup phase as well.
Rob de Canha-Knight
EMEA Platform and Management Technical Strategist
rob.decanha-knight at suse.com<mailto:rob.decanha-knight at suse.com>
(Fuze/VOIP) +44 (0) 1635 937689
(M) +44 (0) 7392 087303
(TW) rssfed23<https://twitter.com/rssfed23>
[cid:part4.714502EC.5AADC203 at novacoast.com]
[cid:part5.842FE9DB.80951553 at novacoast.com] <https://twitter.com/suse> [cid:part7.F607605D.3B851C1C at novacoast.com] <https://www.linkedin.com/in/rssfed23/> [cid:part9.990F13B7.D6C7161C at novacoast.com] <https://www.facebook.com/rssfed23> [cid:part11.EC41E238.27F56FAE at novacoast.com] <https://plus.google.com/+SUSE/posts> [cid:part13.FCB4F465.A70B313C at novacoast.com] <https://www.youtube.com/user/susevideo>
From: <caasp-beta-bounces at lists.suse.com><mailto:caasp-beta-bounces at lists.suse.com> on behalf of Rob de Canha-Knight <rob.decanha-knight at suse.com><mailto:rob.decanha-knight at suse.com>
Date: Tuesday, 3 October 2017 at 14:58
To: Dan Elder <DElder at novacoast.com><mailto:DElder at novacoast.com>, "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password
Hi Dan.
In the log you’ve provided you’re using the admin server for the –s argument I believe.
You must use https://<your-master-fqdn>:8443<https://%3cyour-master-fqdn%3e:8443> as the address for the k8s master node (noting correct port and https).
Please let us know how you get on.
Rob de Canha-Knight
EMEA Platform and Management Technical Strategist
rob.decanha-knight at suse.com<mailto:rob.decanha-knight at suse.com>
(Fuze/VOIP) +44 (0) 1635 937689
(M) +44 (0) 7392 087303
(TW) rssfed23<https://twitter.com/rssfed23>
[cid:part19.B071E236.E51BA630 at novacoast.com]
[cid:part20.36AA1A29.2A18AF08 at novacoast.com] <https://twitter.com/suse> [cid:part22.2C336149.D98F4C92 at novacoast.com] <https://www.linkedin.com/in/rssfed23/> [cid:part24.66A991B7.C5771134 at novacoast.com] <https://www.facebook.com/rssfed23> [cid:part26.40204B51.02A8D9DB at novacoast.com] <https://plus.google.com/+SUSE/posts> [cid:part28.E493266E.994C27B6 at novacoast.com] <https://www.youtube.com/user/susevideo>
From: <caasp-beta-bounces at lists.suse.com><mailto:caasp-beta-bounces at lists.suse.com> on behalf of Dan Elder <DElder at novacoast.com><mailto:DElder at novacoast.com>
Date: Tuesday, 3 October 2017 at 05:15
To: "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password
I haven't had any luck authentication with caasp-cli unfortunately. The credentials I supply work fine for Velum but caasp-cli says they're invalid (output attached). Is there some log I can pull from the admin node or somewhere else to troubleshoot this? I've done 2 installs and gotten the same result both times.
On 09/27/2017 08:04 AM, Paul Gonin wrote:
It should be on the media so you can install it on the admin node
It is installed by default on admin node.
You can also get (currently) rpms for different openSUSE/SUSE flavors
And there is also a windows Build from Rob
Tested / works but not supported (yet, but I assume to come)
Once you have caasp-cli
export KUBECONFIG=<pathtokubeconfig> (set KUBECONFIG=kubeconfig in windows cmd shell)
caasp-cli login -u caasp-user -p caasp-password -s https://caasp.fqdn:6443<https://qa-k8s.caasp.suse.net:6443>
and then you can use kubectl as previously
For caasp-user and caasp-password you can use caasp admin credentials.
You can also create users in local ldap
Le mercredi 27 septembre 2017 à 14:52 +0000, Ns, Rushi a écrit :
Thanks, where can I download . I see from github I can’t download the link .
Best Regards,
From: Paul Gonin <pgonin at suse.com><mailto:pgonin at suse.com>
Date: Tuesday, September 26, 2017 at 1:31 PM
To: "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>, Rushi NS <rushi.ns at sap.com><mailto:rushi.ns at sap.com>
Subject: RE : [caasp-beta] kubectl requires username and password
With RC1, RBAC is available
Consequence is that you have to use caasp-ctl to login to CaaSP and modify your kubectl and inject credentials in it.
-------- Message d'origine --------
De : "Ns, Rushi" <rushi.ns at sap.com><mailto:rushi.ns at sap.com>
Date : 26/09/2017 22:04 (GMT+01:00)
À : SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>, caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>
Objet : [caasp-beta] kubectl requires username and password
>>> "Ns, Rushi" 09/26/2017 21:04 >>>
I setup new cluster with this release and everything worked. I have 3 masters/10 workers ..looks fine VELUM web page as well and I have downloaded kubeconfig and tried to do some workload test but issue with access cluster.
I have issue with using KUBECTL command line ..whatever “kubectl” I run requires permission. I setup velum with my userid email and password, I thought it requires that and I tried but its not ?
I have also tried root (linux) master/workers but it doesn’t take that too?
Does anyone know what is the issue.
kubectl get cluster-info
kubectl get nodes
Please enter Username: rushi.ns at sap.com<mailto:rushi.ns at sap.com>
Please enter Password: *********
Error from server (Forbidden): User "system:anonymous" cannot list nodes at the cluster scope. (get nodes)
kubectl get nodes
Please enter Username: admin
Please enter Password: ********
Unable to connect to the server: x509: certificate is valid for,,,,, not
kubectl get nodes
Please enter Username: root
Please enter Password: ********
Unable to connect to the server: x509: certificate is valid for,,,,, not
Best Regards,
From: <caasp-beta-bounces at lists.suse.com><mailto:caasp-beta-bounces at lists.suse.com> on behalf of SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>
Reply-To: SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>
Date: Friday, September 22, 2017 at 7:48 AM
To: "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>
Subject: [caasp-beta] [ANNOUNCE] SUSE Container as a Service Platform 2 RC 1 is available!
Having trouble viewing this email? Please check the plain text version of it with your mailer.
We are happy to announce SUSE CaaS Platform 2 Release Candidate 1!
Download ›<https://www.suse.com/betaprogram/caasp-beta/#download>
Please check out our dedicated SUSE CaaS Platform Beta web page<https://www.suse.com/betaprogram/caasp-beta/>, where you will find all the information needed around SUSE CaaS Platform Beta.
What’s New with SUSE CaaS Platform 2 RC 1?
* K8s Multi-Master: Kubernetes Multi Master for building High-Availability clusters.
* caasp-cli: It's the new command line client for interacting with a CaaS Platform cluster. See for details<https://github.com/kubic-project/caasp-cli>.
* Dex: Dex is an identity service that uses OpenID Connect to drive authentication for other apps. See for details<https://github.com/coreos/dex>.
* OpenLDAP2: OpenLDAP2 running on an SLE12 container guest.
Things to consider for this Beta?
Your DHCP server should provide resolveable hostnames. If this is not the case like with libvirt/KVM, you should consider providing one yourself by appending this kernel parameter "hostname=HOSTNAME" during installation.
However, the kubeconfig file downloaded from the Dashboard could contain an incorrect "server" hostname that should be replaced with the IP address of your Master. For more information read: https://en.opensuse.org/SDB:Linuxrc#Network_Configuration
* Autoyast/VMX-Images
If you install via autoyast or one of the provided VMX beta images (KVM,Xen,VMware,...) please set a password or SSH key via cloud-init to be able to login.
Release plan ›<https://www.suse.com/betaprogram/caasp-beta/#releases>
Release Notes ›<https://www.suse.com/betaprogram/caasp-beta/#releasenotes>
Documentation ›<https://www.suse.com/betaprogram/caasp-beta/#documentation>
Have fun beta testing!
Your SUSE Linux Enterprise Team
Please refer to our dedicated SUSE CaaSP Beta Program<https://www.suse.com/betaprogram/caasp-beta/> webpage for any general information. However, do not hesitate to contact us at beta-programs at lists.suse.com<mailto:beta-programs at lists.suse.com> if you have any questions.
You received this email because you're signed up to get updates from us. Click here to unsubscribe.<mailto:beta-programs at lists.suse.com?subject=Unsubscribe%20from%20SUSE%20CaaSP%20Beta&body=Unsubscribe%20Unsubscribe%20from%20SUSE%20CaaSP%20Beta>
caasp-beta mailing list
caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>
caasp-beta mailing list
caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>
Senior Engineer
Linux Services Manager
Novacoast, Inc.
Mobile: (310) 243-6971
Office: (800) 949-9933 x1337
Senior Engineer
Linux Services Manager
Novacoast, Inc.
Mobile: (310) 243-6971
Office: (800) 949-9933 x1337
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2957 bytes
Desc: image001.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1200 bytes
Desc: image002.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 790 bytes
Desc: image003.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 764 bytes
Desc: image004.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 756 bytes
Desc: image005.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 944 bytes
Desc: image006.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 802 bytes
Desc: image007.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 2958 bytes
Desc: image008.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 1201 bytes
Desc: image009.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 791 bytes
Desc: image010.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.png
Type: image/png
Size: 765 bytes
Desc: image011.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.png
Type: image/png
Size: 757 bytes
Desc: image012.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.png
Type: image/png
Size: 945 bytes
Desc: image013.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.png
Type: image/png
Size: 803 bytes
Desc: image014.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/9da9d517/attachment-0013.png>
More information about the caasp-beta
mailing list