[caasp-beta] [Newsletter] Re: RE : kubectl requires username and password

Ns, Rushi rushi.ns at sap.com
Tue Oct 3 12:15:53 MDT 2017


Hi Paul,

Thank you . I have tried the same one with latest caasp-cli and the result is same.  FYI, I setup 3 masters with 6 workers and I tried all 3 masters hostname one by one with the command line caasp-cli but nothing is really working.

Do I have to setup any DEX container on the cluster ? or it does embedded part of it and why it is asking me DEX”

caasp-cli login -s https://hostname:6443 -u rushi at id.com -p xxxxxx


Error: unable to find Dex service in CaaS Platform cluster, error was Get https://hostname:6443/api/v1/namespaces/kube-system/services/dex: Forbidden



Best Regards,

Rushi.
I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A DIFFERENCE


From: Paul Gonin <paul.gonin at suse.com>
Date: Tuesday, October 3, 2017 at 8:55 AM
To: Rob de Canha-Knight <rob.decanha-knight at suse.com>, Rushi NS <rushi.ns at sap.com>, "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>, Dan Elder <DElder at novacoast.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password

Hi,

You need to check that between master node and admin node the port 389 is open - for example if you're using OpenStack you need the check that the security group is properly defined to allow this port

rgds
Paul

Le mardi 03 octobre 2017 à 15:17 +0000, Rob de Canha-Knight a écrit :
Rushi.

The details I provided below on caasp-cli is how I’ve been using caasp-cli since day one.

I’ve just tried again on a new cluster and running

caasp-cli login -s https://master.caaspdemo.geeko.ninja:6443 -u rob.decanha-knight at suse.com -p mypassword

Where –u is the email address of the user I created during velum first startup/login.

Worked fine for me.

I don’t have any other documents to hand (other than the attached) around logging in so all I can personally suggest is to make sure you’re using https and port 6443 of the kubernetes master after -s.

I’ve also attached the main bit of documentation we have around the caasp-cli client (which will make it’s way into the version 2 final release).

I would suggest trying again from scratch with a new cluster instance of RC1 (including downloading and installing the updated caasp-cli client available from https://github.com/kubic-project/caasp-cli/releases as this one is working fine for me).
Make a note of every command you are running and the output it provides and you can send those details to this list as at the moment the information in the thread is a bit scattered and I can’t tell accurately what’s going on or what’s being done by the user.

Yes there are a lot of changes in this release mainly an updated k8s version and a feature much requested by customers (I remember during 1.0 betas you also requested for user management and this is how we’ve implemented it). I’ve also attached the details on how to create/manage additional user accounts through ldap as well as the caasp-cli guidance that we have.

As one of our closest partners you also have the option of reaching out to your partner sales engineer/rep for your region and discussing it directly with them. They should be able to go onsite and help you if asked to get things up and running for your team.

All the best,
Rob


----
Rob de Canha-Knight
EMEA Platform and Management Technical Strategist
SUSE
rob.decanha-knight at suse.com<mailto:rob.decanha-knight at suse.com>
(Fuze/VOIP) +44 (0) 1635 937689
(M) +44 (0) 7392 087303
(TW) rssfed23<https://twitter.com/rssfed23>
----
[05168]
[cid:image002.png at 01D33C38.FB83A460]
[cid:image003.png at 01D33C38.FB83A460] <https://twitter.com/suse> [cid:image004.png at 01D33C38.FB83A460] <https://www.linkedin.com/in/rssfed23/>  [cid:image005.png at 01D33C38.FB83A460] <https://www.facebook.com/rssfed23>  [cid:image006.png at 01D33C38.FB83A460]  <https://plus.google.com/+SUSE/posts> [cid:image007.png at 01D33C38.FB83A460] <https://www.youtube.com/user/susevideo>


From: "Ns, Rushi" <rushi.ns at sap.com>
Date: Tuesday, 3 October 2017 at 16:07
To: "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>, Dan Elder <DElder at novacoast.com>, Rob de Canha-Knight <rob.decanha-knight at suse.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password

Hi Rob,

Whatever you have mentioned is not really working in reality. Using CAASP-cli is not at all authenticating and I spent 2 days to find a way to connect to cluster.

VELUM is fine, I can logon with registed email but nothing can be done after that such as installing kubernetes dashboard is not  ? first of all need to know how to connect with CAASP-CLI because there is no users created other than VELUM web login which was registered.

Can you provide some steps how you have doing with caasp-cli..i see lot of things changed on this new release.



Best Regards,

Rushi.
I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A DIFFERENCE


From: <caasp-beta-bounces at lists.suse.com> on behalf of Rob de Canha-Knight <rob.decanha-knight at suse.com>
Date: Tuesday, October 3, 2017 at 6:57 AM
To: Dan Elder <DElder at novacoast.com>, "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password

Hi Dan.

In the log you’ve provided you’re using the admin server for the –s argument I believe.

You must use https://<your-master-fqdn>:8443<https://%3cyour-master-fqdn%3e:8443> as the address for the k8s master node (noting correct port and https).

Please let us know how you get on.

Rob



----
Rob de Canha-Knight
EMEA Platform and Management Technical Strategist
SUSE
rob.decanha-knight at suse.com<mailto:rob.decanha-knight at suse.com>
(Fuze/VOIP) +44 (0) 1635 937689
(M) +44 (0) 7392 087303
(TW) rssfed23<https://twitter.com/rssfed23>
----
[168]
[cid:image009.png at 01D33C38.FB83A460]
[cid:image010.png at 01D33C38.FB83A460] <https://twitter.com/suse> [cid:image011.png at 01D33C38.FB83A460] <https://www.linkedin.com/in/rssfed23/>  [cid:image012.png at 01D33C38.FB83A460] <https://www.facebook.com/rssfed23>  [cid:image013.png at 01D33C38.FB83A460]  <https://plus.google.com/+SUSE/posts> [cid:image014.png at 01D33C38.FB83A460] <https://www.youtube.com/user/susevideo>


From: <caasp-beta-bounces at lists.suse.com> on behalf of Dan Elder <DElder at novacoast.com>
Date: Tuesday, 3 October 2017 at 05:15
To: "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>
Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires username and password


I haven't had any luck authentication with caasp-cli unfortunately.  The credentials I supply work fine for Velum but caasp-cli says they're invalid (output attached).  Is there some log I can pull from the admin node or somewhere else to troubleshoot this?  I've done 2 installs and gotten the same result both times.

Thanks,
Dan

On 09/27/2017 08:04 AM, Paul Gonin wrote:
Hi,

It should be on the media so you can install it on the admin node
It is installed by default on admin node.

You can also get (currently) rpms for different openSUSE/SUSE flavors
https://build.opensuse.org/repositories/devel:CaaSP:Head:ControllerNode/caasp-cli

And there is also a windows Build from Rob
https://github.com/rssfed23/caasp-cli-windows/releases

Tested / works but not supported (yet, but I assume to come)


Once you have caasp-cli
export KUBECONFIG=<pathtokubeconfig> (set KUBECONFIG=kubeconfig in windows cmd shell)
caasp-cli login -u caasp-user -p caasp-password -s https://caasp.fqdn:6443<https://qa-k8s.caasp.suse.net:6443>

and then you can use kubectl as previously

For caasp-user and caasp-password you can use caasp admin credentials.
You can also create users in local ldap

rgds
Paul

Le mercredi 27 septembre 2017 à 14:52 +0000, Ns, Rushi a écrit :
Thanks, where can I download . I see from github I can’t download the link .

https://github.com/kubic-project/caasp-cli


Best Regards,

Rushi.
I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A DIFFERENCE


From: Paul Gonin <pgonin at suse.com><mailto:pgonin at suse.com>
Date: Tuesday, September 26, 2017 at 1:31 PM
To: "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>, Rushi NS <rushi.ns at sap.com><mailto:rushi.ns at sap.com>
Subject: RE : [caasp-beta] kubectl requires username and password

Hi,

With RC1, RBAC is available
Consequence is that you have to use caasp-ctl to login to CaaSP and modify your kubectl and inject credentials in it.

Rgds
Paul


-------- Message d'origine --------
De : "Ns, Rushi" <rushi.ns at sap.com><mailto:rushi.ns at sap.com>
Date : 26/09/2017 22:04 (GMT+01:00)
À : SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>, caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>
Objet : [caasp-beta] kubectl requires username and password


>>> "Ns, Rushi" 09/26/2017 21:04 >>>

Hi

I setup new cluster with this release and everything worked. I have 3 masters/10 workers ..looks fine VELUM web page as well and I have downloaded kubeconfig and tried to do some workload test but issue with access cluster.


I have issue with using KUBECTL command line ..whatever “kubectl” I run  requires permission. I setup velum with my userid email and password, I thought it requires that and I tried but its not ?

I have also tried root (linux) master/workers but it doesn’t take that too?

Does anyone know what is the issue.


kubectl get cluster-info

kubectl get nodes
Please enter Username: rushi.ns at sap.com<mailto:rushi.ns at sap.com>
Please enter Password: *********
                                Error from server (Forbidden): User "system:anonymous" cannot list nodes at the cluster scope. (get nodes)

kubectl get nodes
Please enter Username: admin
Please enter Password: ********
                               Unable to connect to the server: x509: certificate is valid for 172.24.0.1, 172.16.18.0, 127.0.0.1, 172.16.18.1, 10.48.164.142, not 10.48.164.144

kubectl get nodes
Please enter Username: root
Please enter Password: ********
                               Unable to connect to the server: x509: certificate is valid for 172.24.0.1, 172.16.22.0, 127.0.0.1, 172.16.22.1, 10.48.164.141, not 10.48.164.144
Best Regards,

Rushi.
I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A DIFFERENCE


From: <caasp-beta-bounces at lists.suse.com><mailto:caasp-beta-bounces at lists.suse.com> on behalf of SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>
Reply-To: SUSE Beta Program <beta-programs at lists.suse.com><mailto:beta-programs at lists.suse.com>
Date: Friday, September 22, 2017 at 7:48 AM
To: "caasp-beta at lists.suse.com"<mailto:caasp-beta at lists.suse.com> <caasp-beta at lists.suse.com><mailto:caasp-beta at lists.suse.com>
Subject: [caasp-beta] [ANNOUNCE] SUSE Container as a Service Platform 2 RC 1 is available!


Having trouble viewing this email? Please check the plain text version of it with your mailer.







[http://beta.suse.com/private/SLE12/suse_logo_color-reduced.png]






[https://www.suse.com/betaprogram/wp-content/uploads/2017/09/caasp-logo-beta-2-new.png]<https://www.suse.com/betaprogram/caasp-beta/>







We are happy to announce SUSE CaaS Platform 2 Release Candidate 1!



Download ›<https://www.suse.com/betaprogram/caasp-beta/#download>






Please check out our dedicated SUSE CaaS Platform Beta web page<https://www.suse.com/betaprogram/caasp-beta/>, where you will find all the information needed around SUSE CaaS Platform Beta.



What’s New with SUSE CaaS Platform 2 RC 1?




  *   K8s Multi-Master: Kubernetes Multi Master for building High-Availability clusters.
  *   caasp-cli: It's the new command line client for interacting with a CaaS Platform cluster. See for details<https://github.com/kubic-project/caasp-cli>.
  *   Dex: Dex is an identity service that uses OpenID Connect to drive authentication for other apps. See for details<https://github.com/coreos/dex>.
  *   OpenLDAP2: OpenLDAP2 running on an SLE12 container guest.



Things to consider for this Beta?




  *   DHCP

Your DHCP server should provide resolveable hostnames. If this is not the case like with libvirt/KVM, you should consider providing one yourself by appending this kernel parameter "hostname=HOSTNAME" during installation.

However, the kubeconfig file downloaded from the Dashboard could contain an incorrect "server" hostname that should be replaced with the IP address of your Master. For more information read: https://en.opensuse.org/SDB:Linuxrc#Network_Configuration

  *   Autoyast/VMX-Images

If you install via autoyast or one of the provided VMX beta images (KVM,Xen,VMware,...) please set a password or SSH key via cloud-init to be able to login.



Release plan ›<https://www.suse.com/betaprogram/caasp-beta/#releases>




Release Notes ›<https://www.suse.com/betaprogram/caasp-beta/#releasenotes>




Documentation ›<https://www.suse.com/betaprogram/caasp-beta/#documentation>









Have fun beta testing!

Your SUSE Linux Enterprise Team







Please refer to our dedicated SUSE CaaSP Beta Program<https://www.suse.com/betaprogram/caasp-beta/> webpage for any general information. However, do not hesitate to contact us at beta-programs at lists.suse.com<mailto:beta-programs at lists.suse.com> if you have any questions.

You received this email because you're signed up to get updates from us. Click here to unsubscribe.<mailto:beta-programs at lists.suse.com?subject=Unsubscribe%20from%20SUSE%20CaaSP%20Beta&body=Unsubscribe%20Unsubscribe%20from%20SUSE%20CaaSP%20Beta>







_______________________________________________

caasp-beta mailing list

caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>

http://lists.suse.com/mailman/listinfo/caasp-beta







_______________________________________________

caasp-beta mailing list

caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>

http://lists.suse.com/mailman/listinfo/caasp-beta



--

Senior Engineer

Linux Services Manager

Novacoast, Inc.

Mobile: (310) 243-6971

Office: (800) 949-9933 x1337

http://www.novacoast.com/

_______________________________________________

caasp-beta mailing list

caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>

http://lists.suse.com/mailman/listinfo/caasp-beta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2958 bytes
Desc: image001.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1201 bytes
Desc: image002.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 791 bytes
Desc: image003.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 765 bytes
Desc: image004.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 757 bytes
Desc: image005.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 945 bytes
Desc: image006.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 803 bytes
Desc: image007.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 2960 bytes
Desc: image008.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 1203 bytes
Desc: image009.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 793 bytes
Desc: image010.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.png
Type: image/png
Size: 767 bytes
Desc: image011.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.png
Type: image/png
Size: 759 bytes
Desc: image012.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.png
Type: image/png
Size: 947 bytes
Desc: image013.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.png
Type: image/png
Size: 805 bytes
Desc: image014.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/e4536efa/attachment-0013.png>


More information about the caasp-beta mailing list