
How can you set cluster username / password, or pass --insecure-bind-address to kube-apiserver?

Open bw2 opened this issue 8 years ago • 8 comments

I'm trying to deploy the cockpit container (https://github.com/cockpit-project/cockpit) to a kube-solo cluster, but can't figure out how to use cockpit's authentication mechanism with kube-solo.

When I deploy to Google Container Engine, I can log in to cockpit using the cluster's "admin" username and password, which I can look up using kubectl config view.

How can I set up equivalent credentials in kube-solo?

P.S. I asked the developers of cockpit (https://github.com/cockpit-project/cockpit/issues/6549) and they suggested another workaround, which is to run kube-apiserver with --insecure-bind-address or --basic-auth-file, but I'm not sure how to do this either.

bw2 avatar May 14 '17 04:05 bw2

Sorry for the delay. You can add the --insecure-bind-address or --basic-auth-file in this part: https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L164-L179

rimusz avatar Jun 06 '17 09:06 rimusz

I tried creating a password file using htpasswd and adding --basic-auth-file=/Users/weisburd/kube-solo/cloud-init/basicauth

but then VM startup stalls on Waiting for etcd service to be ready on VM...

bw2 avatar Jun 11 '17 17:06 bw2

where are you adding --basic-auth-file=/Users/weisburd/kube-solo/cloud-init/basicauth to?

rimusz avatar Jun 11 '17 19:06 rimusz

to this list https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L164-L179 in /Users/weisburd/kube-solo/user-data

bw2 avatar Jun 11 '17 19:06 bw2

You cannot point to a file that way; copy that file to the VM first.

rimusz avatar Jun 11 '17 19:06 rimusz

sorry I don't understand re. user-data. Which directory should the file be placed in on the VM? I just tried SSH'ing into the VM and looking for it, but I again only see it in ~/kube-solo/cloud-init/user-data:

core@k8solo-01 ~ $ sudo find / -name "user-data"
find: `/data/var/lib/rkt/pods/exited-garbage/c6c28aca-c35a-4548-9cf0-046aad05b5b5/stage1/rootfs/opt/stage2/flannel/rootfs/sys/kernel/debug/tracing': No such file or directory


/Users/weisburd/kube-solo/cloud-init/user-data

and same thing in the repo: https://github.com/TheNewNormal/kube-solo-osx/search?utf8=%E2%9C%93&q=+user-data&type=

bw2 avatar Jun 11 '17 19:06 bw2

Here is the part where you can add files: https://github.com/TheNewNormal/kube-solo-osx/blob/master/src/cloud-init/user-data#L270 then use that path --basic-auth

rimusz avatar Jun 11 '17 19:06 rimusz

Just tried setting

        # Start API server
        ExecStart=/data/opt/bin/kube-apiserver \
          --client-ca-file=/data/kubernetes/ca.crt \
          --tls-cert-file=/data/kubernetes/server.cert \
          --tls-private-key-file=/data/kubernetes/server.key \
          --admission_control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota \
          --service_account_key_file=/data/kubernetes/server.key \
          --service_account_lookup=false \
          --allow_privileged=true \
          --insecure_bind_address=0.0.0.0 \
          --insecure_port=8080 \
          --kubelet_https=true \
          --secure_port=6443 \
          --service-cluster-ip-range=10.100.0.0/16 \
          --etcd_servers=http://127.0.0.1:2379 \
          --bind-address=0.0.0.0 \
          --logtostderr=true \
          --basic-auth=/opt/basicauth

and

write-files:
 - path: /opt/basicauth
   permissions: '0644'
   content: |
     weisburd:$apr1$8ikh...hash
 - path: /opt/sbin/wupiao
   permissions: '0755'
   content: |
      #!/bin/bash
   ...

it once again hangs at the Waiting for etcd service to be ready on VM... step, but if I take out the --basic-auth=/opt/basicauth line it does boot

bw2 avatar Jun 11 '17 23:06 bw2
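
Added example, not part of the thread or of kube-solo's code: a pre-boot lint for the two pieces edited above, the kube-apiserver flags and the password file. It assumes the static password file layout from the Kubernetes documentation for `--basic-auth-file` (CSV rows of password,user,uid with an optional groups column), which is not the format `htpasswd` writes; the function names and sample inputs are constructed for illustration.

```python
import csv
import re

# Constructed inputs modelled on the thread; not real credentials.
UNIT_FLAGS = "--insecure_bind_address=0.0.0.0 --insecure_port=8080 --basic-auth=/opt/basicauth"
HTPASSWD_STYLE = "alice:$apr1$constructed$notarealhash\n"
CSV_STYLE = 'constructed-password,alice,1000,"devs,ops"\n'


def check_flags(flag_text):
    """Flag risky or misspelled kube-apiserver options in an ExecStart line."""
    flags = {}
    for tok in flag_text.replace("\\\n", " ").split():
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name.replace("_", "-")] = value  # the unit mixes _ and -
    findings = []
    for name in flags:
        if name.startswith("basic-auth") and name != "basic-auth-file":
            findings.append(f"--{name}: the option is spelled --basic-auth-file")
    if flags.get("insecure-bind-address") == "0.0.0.0":
        findings.append("insecure port listens on all interfaces without authentication")
    return findings


def check_auth_file(text, mode=0o644):
    """Check a static password file against the password,user,uid[,groups] layout."""
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: plaintext passwords readable beyond owner")
    for n, row in enumerate(csv.reader(text.splitlines()), start=1):
        if not row:
            continue
        if re.match(r"^[^,:]+:\$", row[0]):
            findings.append(f"line {n}: htpasswd-style user:hash entry, not CSV")
        elif len(row) < 3 or not all(c.strip() for c in row[:3]):
            findings.append(f"line {n}: need password,user,uid")
    return findings


if __name__ == "__main__":
    for f in check_flags(UNIT_FLAGS) + check_auth_file(HTPASSWD_STYLE):
        print("FINDING:", f)
```

Because this file format stores passwords in clear text, mode 0600 on the VM is the safer choice than the 0644 used for other written files.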