Skip to content
This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

Deploy Stratos on kubecf #199

Closed
gaktive opened this issue Nov 26, 2019 · 5 comments
Closed

Deploy Stratos on kubecf #199

gaktive opened this issue Nov 26, 2019 · 5 comments
Assignees
@thardeck
Labels
Priority: High Status: Done Implemented and PR merged SUSE SUSE is pursuing a solution Type: Enhancement New feature or request
Milestone
1.0.0

Comments

@gaktive
Copy link
Collaborator

gaktive commented Nov 26, 2019

Is your feature request related to a problem? Please describe.
The Stratos Console works on scf. We need to make sure it runs on kubecf.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.
@gaktive gaktive added the Type: Enhancement New feature or request label Nov 26, 2019
@fargozhu fargozhu removed their assignment Nov 29, 2019
@fargozhu fargozhu added this to the 1.0.0 milestone Dec 8, 2019
@fargozhu
Copy link
Contributor

fargozhu commented Jan 7, 2020
edited
Loading

Stratos (both versions) deployed with success with KubeCF 0.1.0 on GKE 1.4.1 without UAA support.

@fargozhu
Copy link
Contributor

The verification should include UAA integration.

@jimmykarily
Copy link
Collaborator

We deployed Stratos and used the following values to connect to the UAA (cluster is a kind one):

env:
   DOMAIN: 172.17.0.2
   UAA_HOST: uaa.172.17.0.2.nip.io
   UAA_PORT: 443
   UAA_ZONE: ~

it turns out that Stratos expects UAA_ZONE to be set otherwise it is set to scf : https://github.com/cloudfoundry/stratos/blob/9c4422850042249c55a5ee925fcbbe477891d16c/deploy/kubernetes/console/templates/__helpers.tpl#L48

on kubecf, we don't setup identity zones like we did in scf (https://github.com/SUSE/scf/blob/develop/src/scf-release/jobs/uaa-create-user/templates/run.erb#L80). The admin user is created on the "root" identity zone (no subdomain) but Stratos can't authenticate against that (always assumes a zone).

So we verified that Stratos can authenticate with UAA but in order to work with kubecf one of the 2 must happen:

  • root identity zone can be used in Stratos (cc @nwmac)
    or
  • we setup an identity zone in kubecf which we can then use as the UAA_ZONE setting when deploying Stratos.

@fargozhu fargozhu added the Status: Blocked Dependencies on other issues and/or pull requests label Jan 23, 2020
@fargozhu
Copy link
Contributor

blocked by cloudfoundry/stratos#4101

@fargozhu fargozhu added the SUSE SUSE is pursuing a solution label Feb 4, 2020
@fargozhu fargozhu assigned fargozhu and jimmykarily and unassigned fargozhu and jimmykarily Feb 4, 2020
@thardeck
Copy link
Contributor

thardeck commented Feb 6, 2020
edited
Loading

I have installed Stratos 2.7.0 with helm, and used the UI to connect to kubecf.

You have to specify the endpoint URL without a / at the end. The client id is cf, the client secret is empty, the admin username is admin and the admin password is the actual cf password.

If unknown it can be extracted with echo $(kubectl get secrets -n kubecf kubecf.var-cf-admin-password -o json | jq -r .data.password | base64 -d).

In Stratos you can login with the same user and password combination or probably any other uaa combination which is part of the uaa group specified during the Stratos setup.

@fargozhu fargozhu added Status: Done Implemented and PR merged and removed Status: Blocked Dependencies on other issues and/or pull requests labels Feb 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@thardeck thardeck

Labels
Priority: High Status: Done Implemented and PR merged SUSE SUSE is pursuing a solution Type: Enhancement New feature or request
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
4 participants
@fargozhu @thardeck @jimmykarily @gaktive