Kompose username/password?

[bkcummins]

I'm working through our first Kubernetes deployment from a MacOS terminal into worker nodes managed by AWS EKS.

Everything in the AWS EKS documentation is working as explained; however, I was trying to deploy a docker-compose.yml using Kompose up and am asked for a Username and Password.

Any idea what I would use to create a Username and Password? Is this referring to a Kubernetes service account or would it be mapped to an IAM user account?

I tried to mapUsers to a IAM userarn, but I don't see what password would be used.
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

kubectl edit -n kube-system configmap/aws-auth

I was unable to satisfy it with an IAM user and console password.

Any help clarifying would get great appreciated.

Thx in advance!

[mumoshu]

@bkcummins Hey! Would you mind sharing us full log messages until you were asked for username and password?

I was wondering if kompose up would automatically build a docker image, and before deploying to to K8S, try to push it to your a docker registry? In case your registry requires authentication, you would have been asked for username and password for the docker registry.

[bkcummins]

@mumoshu They are private images. Our DTR is docker hub, but I am authenticated successfully there on the local terminal. Is there an additional step I missed to link the DTR to EKS? Oh, btw....I got the same Username/Password request when attempting the Kompose docker-compose.yml tutorial (with public images).

To date, I’ve been deploying with docker-compose directly to single node EC2 docker machines. This all works fine from the local terminal.

With AWS EKS, I can deploy out to the cluster of worker nodes using the various tutorial apps without a problem.

Trying to spin up with Kompose is short. As I recall, the first line just said it was deploying then the second line asked for Username. Then the third asked for the Password. Nothing I tried worked so I figured there was an inconsistency in how Kompose authenticates with the Kubernetes cluster when using aws-Iam-authenticator. I can post those log results first thing in the morning (eastern USA).

Thx again!

[bkcummins]

@mumoshu Also, in this instance the images for these services are already built and published as public to a DTR. They're not spec'd to build in docker-compose.yml.

[mattlandis]

I haven't used kompose myself, but I took a look at the source and it looks like they are using an old version of client-go. Since it doesn't have the new exec based auth provider that may be causing the issue.

I pulled down a copy of kubectl v1.4.1 and used it to try and get pods against a eks cluster. It prompts for username and password too.

They have an open issue to move to client-go for interactions. I've added a comment on that issue to also upgrade the version of client-go being used.

[bkcummins]

@mattlandis thx so much for the explanation! we just moved on w/o kompose.

[RichardBronosky]

I had this issue too even though my kubectl calls were fine. Turns out that the root user did not have the access needed. so I copied the ~/.kube/config file to the root user's home.

sudo mkdir -p /root/.kube; sudo cp ~/.kube/config /root/.kube/
ip="$(ip route get 1 | awk 'NR==1{print $7}')"
sudo -H kompose up --server https://$ip:6443

And I am using sudo because my user can't access /var/run/docker.sock