Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate Basic Auth credentials #166

Closed
yissachar opened this issue Jul 18, 2016 · 7 comments
Closed

Generate Basic Auth credentials #166

yissachar opened this issue Jul 18, 2016 · 7 comments
Labels
P0
Milestone
1.4.4

Comments

@yissachar
Copy link
Contributor

It would be nice to have Basic Auth credentials generated as part of the cluster set up. This would make it easier to login to the dashboard through a browser.
@justinsb
Copy link
Member

Agreed that we can make this better.

But they are generated and available: kops secret expose --id=kube --type=secret should tell you the password. Username is admin.

(And this should be id=admin; the syntax is inconsistent and should be documented. I think we have issues for those already though!)

@yissachar
Copy link
Contributor Author

Thanks, that worked (small typo: kops secret -> kops secrets).

The reason I assumed that they weren't generated is because they don't show up in .kube/config or kube config view, even though all the other settings for my cluster show up there. Is there a reason for this?

@justinsb justinsb added the P0 label Jul 25, 2016
@justinsb
Copy link
Member

They aren't actually needed in kubecfg - kubelet uses the client cert instead.

I am wondering if I should put them in there anyway; it is a convenient place to find them.

@boydgreenfield
Copy link

Apologies if I'm missing something obvious, but how do I expose the bearer token for use with bearer token auth against the API @justinsb?

@boydgreenfield
Copy link

Nvm – and update for anyone stumbling across this, it appears that --id=admin --type=secret reveals the bearer token.

@justinsb justinsb modified the milestone: 1.3.0 Jul 29, 2016
@talon-vonneudeck
Copy link

For kops version Version git-5191616 the command kops secrets expose --id=kube --type=secret gives unknown flag: --id back.
But kops get secrets -oplaintext --type=secret kube gives the basic auth secret back.

justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Export admin password in kubecfg
3ae3dca 
This is where users expects to find it, because it is how kube-up does
it.

Issue kubernetes#166
@justinsb justinsb mentioned this issue Aug 15, 2016
Merged
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Export admin password in kubecfg
6afacd2 
This is where users expects to find it, because it is how kube-up does
it.

Issue kubernetes#166
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Export admin password in kubecfg
0a8533e 
This is where users expects to find it, because it is how kube-up does
it.

Issue kubernetes#166
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Provide hints after update cluster
7737544 
This should make kops more discoverable

Issue kubernetes#166

Issue kubernetes#263
@justinsb justinsb mentioned this issue Aug 15, 2016
Merged
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Export admin password in kubecfg
7cde689 
This is where users expects to find it, because it is how kube-up does
it.

Issue kubernetes#166
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Provide hints after update cluster
e778c79 
This should make kops more discoverable

Issue kubernetes#166

Issue kubernetes#263
justinsb added a commit to justinsb/kops that referenced this issue Aug 15, 2016
@justinsb
Start work on documenting authentication/security
399e622 
In particular SSH

Issue kubernetes#166
Issue kubernetes#263
Issue kubernetes#236
@justinsb justinsb mentioned this issue Aug 15, 2016
Merged
@justinsb
Copy link
Member

We now:

  • write the password to kubecfg
  • document the password in the dashboard addon docs
  • document the password location in the (nascent) security doc

It's still not perfect, but hopefully this is sufficient for the moment!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P0
Projects
None yet
Milestone
1.4.4
Development

No branches or pull requests
4 participants
@justinsb @boydgreenfield @yissachar @talon-vonneudeck