Description of problem: Out-of-the-box, we need a pre-defined user/password that is a cluster-admin for both Kubernetes and OpenShift. Things like "kubectl get nodes" should just work for the correctly logged in user. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Burr, With the Vagrant file for k8s, the default user i.e. "vagrant" should be able to run kubectl get nodes. Is it not working for you?
[vagrant@localhost ~]$ ls -la total 28 drwx------. 4 vagrant vagrant 4096 Mar 4 12:02 . drwxr-xr-x. 3 root root 4096 Feb 25 01:54 .. -rw-r--r--. 1 vagrant vagrant 18 Jul 8 2015 .bash_logout -rw-r--r--. 1 vagrant vagrant 193 Jul 8 2015 .bash_profile -rw-r--r--. 1 vagrant vagrant 231 Jul 8 2015 .bashrc drwxr-xr-x. 2 vagrant vagrant 4096 Mar 4 12:02 .docker drwx------. 2 vagrant vagrant 4096 Mar 4 12:02 .ssh Missing .kube/config [vagrant@localhost ~]$ oc login -u system:admin Authentication required for https://10.1.2.2:8443 (openshift) Username: system:admin Password: Login successful. You don't have any projects. You can try to create a new project, by running $ oc new-project <projectname> Need to do this to get cluster-admin access: [vagrant@localhost ~]$ oc config use-context default/10-0-2-15:8443/system:admin switched to context "default/10-0-2-15:8443/system:admin". [vagrant@localhost ~]$ oc whoami system:admin [vagrant@localhost ~]$ oc login -u system:admin Logged into "https://10.0.2.15:8443" as "system:admin" using existing credentials. You have access to the following projects and can switch between them with 'oc project <projectname>': * default (current) * openshift * openshift-infra * test Using project "default".
Created attachment 1133219 [details] The admin config bundled with the virtualbox image Using this "rhel-cdk-kubernetes-7.2-18.x86_64.vagrant-virtualbox.box"
@kent, @burr We already have user setup as part of openshift provision and currently 'openshift-dev/devel' can used as normal user and 'admin/admin' can be used as cluster-admin. [vagrant@rhel-cdk ~]$ oc login -u admin Server [https://localhost:8443]: The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): y Authentication required for https://localhost:8443 (openshift) Username: admin Password: Login successful. You have access to the following projects and can switch between them with 'oc project <projectname>': * default (current) * openshift * openshift-infra Using project "default". Welcome! See 'oc help' to get started. [vagrant@rhel-cdk ~]$ oc get nodes NAME LABELS STATUS AGE rhel-cdk kubernetes.io/hostname=rhel-cdk Ready 5m [vagrant@rhel-cdk ~]$ oc logout Logged "admin" out on "https://localhost:8443" [vagrant@rhel-cdk ~]$ oc login -u openshift-dev Authentication required for https://localhost:8443 (openshift) Username: openshift-dev Password: Login successful. You don't have any projects. You can try to create a new project, by running $ oc new-project <projectname> [vagrant@rhel-cdk ~]$ oc get nodes Error from server: User "openshift-dev" cannot list all nodes in the cluster