Bug 1298224 - default .kube/config to support cluster admin for "kubectl" and "oc" [NEEDINFO]
default .kube/config to support cluster admin for "kubectl" and "oc"
Status: NEW
Product: Container Development Kit (CDK)
Classification: Red Hat
Component: distribution (Show other bugs)
2.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2.0
Assigned To: Lalatendu Mohanty
David Kutálek
Vikram Goyal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-13 09:23 EST by Burr Sutter
Modified: 2018-02-07 11:58 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
lmohanty: needinfo? (bsutter)
prkumar: needinfo? (bsutter)


Attachments (Terms of Use)
The admin config bundled with the virtualbox image (5.91 KB, text/plain)
2016-03-04 12:15 EST, Kent Hua
no flags Details

  None (edit)
Description Burr Sutter 2016-01-13 09:23:07 EST
Description of problem:
Out-of-the-box, we need a pre-defined user/password that is a cluster-admin for both Kubernetes and OpenShift.  Things like "kubectl get nodes" should just work for the correctly logged in user.  

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Lalatendu Mohanty 2016-01-13 09:27:28 EST
Burr,

With the Vagrant file for k8s, the default user i.e. "vagrant" should be able to run kubectl get nodes. Is it not working for you?
Comment 3 Kent Hua 2016-03-04 12:12:29 EST
[vagrant@localhost ~]$ ls -la
total 28
drwx------. 4 vagrant vagrant 4096 Mar  4 12:02 .
drwxr-xr-x. 3 root    root    4096 Feb 25 01:54 ..
-rw-r--r--. 1 vagrant vagrant   18 Jul  8  2015 .bash_logout
-rw-r--r--. 1 vagrant vagrant  193 Jul  8  2015 .bash_profile
-rw-r--r--. 1 vagrant vagrant  231 Jul  8  2015 .bashrc
drwxr-xr-x. 2 vagrant vagrant 4096 Mar  4 12:02 .docker
drwx------. 2 vagrant vagrant 4096 Mar  4 12:02 .ssh

Missing .kube/config


[vagrant@localhost ~]$ oc login -u system:admin
Authentication required for https://10.1.2.2:8443 (openshift)
Username: system:admin
Password:
Login successful.

You don't have any projects. You can try to create a new project, by running

    $ oc new-project <projectname>


Need to do this to get cluster-admin access:
[vagrant@localhost ~]$ oc config use-context default/10-0-2-15:8443/system:admin
switched to context "default/10-0-2-15:8443/system:admin".
[vagrant@localhost ~]$ oc whoami
system:admin
[vagrant@localhost ~]$ oc login -u system:admin
Logged into "https://10.0.2.15:8443" as "system:admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default (current)
  * openshift
  * openshift-infra
  * test

Using project "default".
Comment 4 Kent Hua 2016-03-04 12:15 EST
Created attachment 1133219 [details]
The admin config bundled with the virtualbox image

Using this "rhel-cdk-kubernetes-7.2-18.x86_64.vagrant-virtualbox.box"
Comment 5 Praveen Kumar 2016-03-29 04:41:58 EDT
@kent, @burr We already have user setup as part of openshift provision and currently 'openshift-dev/devel' can used as normal user and 'admin/admin' can be used as cluster-admin. 

[vagrant@rhel-cdk ~]$ oc login -u admin
Server [https://localhost:8443]: 
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y

Authentication required for https://localhost:8443 (openshift)
Username: admin
Password: 
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default (current)
  * openshift
  * openshift-infra

Using project "default".
Welcome! See 'oc help' to get started.
[vagrant@rhel-cdk ~]$ oc get nodes
NAME       LABELS                            STATUS    AGE
rhel-cdk   kubernetes.io/hostname=rhel-cdk   Ready     5m
[vagrant@rhel-cdk ~]$ oc logout
Logged "admin" out on "https://localhost:8443"

[vagrant@rhel-cdk ~]$ oc login -u openshift-dev
Authentication required for https://localhost:8443 (openshift)
Username: openshift-dev
Password: 
Login successful.

You don't have any projects. You can try to create a new project, by running

    $ oc new-project <projectname>

[vagrant@rhel-cdk ~]$ oc get nodes
Error from server: User "openshift-dev" cannot list all nodes in the cluster

Note You need to log in before you can comment on or make changes to this bug.