docs/dev/libvirt-howto: Masters lack the admin kubeconfig #585

Merged
merged 1 commit into from
Nov 1, 2018

wking
Member

@wking wking commented Oct 31, 2018

Or at least, it's in what looks like an unreliable location ;). Here's my local kubeconfig:

  $ sha1sum wking/auth/kubeconfig
  dd7f1796fe5aed9b0f453498e60bfea9c6a56586  wking/auth/kubeconfig

And here's looking on master:

  [core@wking-master-0 ~]$ sudo find / -xdev -name 'kubeconfig*' -exec sha1sum {} \+ 2>/dev/null
  aa7e5544c36f2b070c33cbbea12102d64bc52928  /sysroot/ostree/deploy/rhcos/var/lib/kubelet/kubeconfig
  aa7e5544c36f2b070c33cbbea12102d64bc52928  /var/lib/kubelet/kubeconfig
  227e8aa1c09c7b5f8602a5528077f3bd34b8544e  /etc/kubernetes/kubeconfig
  dd7f1796fe5aed9b0f453498e60bfea9c6a56586  /etc/kubernetes/checkpoint-secrets/kube-system/pod-checkpointer-5crhb/controller-manager-kubeconfig/kubeconfig
  [core@wking-master-0 ~]$ grep 'user: ' /etc/kubernetes/kubeconfig
      user: kubelet

Reaching into checkpoint-secrets is probably not what we want to recommend, so I'm suggesting folks just copy their kubeconfig over from their local host.

CC @alejovicu
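
The hash comparison and `user:` check from the comment above, wrapped into a repeatable audit. This is an added example, not part of the original post or of the project's docs; the function names, the use of `sha256sum` in place of `sha1sum`, and the `~/auth/kubeconfig` path in the closing comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): audit kubeconfig copies on a node.
# Assumes GNU coreutils/findutils (sha256sum, stat -c), as on a Linux node.

# Print the user names a kubeconfig's contexts refer to, comma-separated.
# Plain-text match like the grep in the post, not a full YAML parser; the
# bare "user:" key that opens a credentials block is skipped.
kubeconfig_users() {
    sed -n 's/^[[:space:]]*user:[[:space:]]\{1,\}\([^[:space:]].*\)$/\1/p' "$1" |
        sort -u | paste -sd, -
}

# audit_kubeconfigs REFERENCE ROOT
# One line per kubeconfig* file under ROOT, tab-separated:
#   ADMIN-COPY|other   users   octal-mode   path
# ADMIN-COPY means the file is byte-identical to REFERENCE.
audit_kubeconfigs() {
    ref_sum=$(sha256sum "$1" | cut -d' ' -f1)
    find "$2" -xdev -type f -name 'kubeconfig*' 2>/dev/null | sort |
    while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        if [ "$sum" = "$ref_sum" ]; then tag=ADMIN-COPY; else tag=other; fi
        printf '%s\t%s\t%s\t%s\n' \
            "$tag" "$(kubeconfig_users "$f")" "$(stat -c %a "$f")" "$f"
    done
}

# Hypothetical invocation on a node, with the reference copied alongside:
#   audit_kubeconfigs ~/auth/kubeconfig /
```

Run on a node after a debugging session, it shows whether a copy of the admin kubeconfig was left behind and with what file mode.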

@openshift-ci-robot added the size/XS and approved labels Oct 31, 2018
@abhinavdahiya
Contributor

I want to drop this section on using the kubeconfig on nodes. Why do we need this?
There is a kubeconfig on the user's machine.
And tectonic-console and the openshift console both have a way to get a kubeconfig corresponding to the logged in user.

@wking
Member Author

wking commented Oct 31, 2018

I want to drop this section on using the kubeconfig on nodes...

The docs I'm adjusting here are originally from 04266e2 (#93). As @cgwalters mentions there, the "SSH and then run this" approach is useful when you cannot resolve masters over DNS (so the URI in the kubeconfig doesn't work from your host). But you can SSH in by IP and then use the kubeconfig (because libvirt has the DNS set up for you on the bootstrap and master nodes).

@abhinavdahiya
Contributor

Can we ask users to always scp their local kubeconfig and use that? So that you scp it to any node and run with it.

Or at least, it's in what looks like an unreliable location ;).
Here's my local kubeconfig:

  $ sha1sum wking/auth/kubeconfig
  dd7f1796fe5aed9b0f453498e60bfea9c6a56586  wking/auth/kubeconfig

And here's looking on master:

  [core@wking-master-0 ~]$ sudo find / -xdev -name 'kubeconfig*' -exec sha1sum {} \+ 2>/dev/null
  aa7e5544c36f2b070c33cbbea12102d64bc52928  /sysroot/ostree/deploy/rhcos/var/lib/kubelet/kubeconfig
  aa7e5544c36f2b070c33cbbea12102d64bc52928  /var/lib/kubelet/kubeconfig
  227e8aa1c09c7b5f8602a5528077f3bd34b8544e  /etc/kubernetes/kubeconfig
  dd7f1796fe5aed9b0f453498e60bfea9c6a56586  /etc/kubernetes/checkpoint-secrets/kube-system/pod-checkpointer-5crhb/controller-manager-kubeconfig/kubeconfig
  [core@wking-master-0 ~]$ grep 'user: ' /etc/kubernetes/kubeconfig
      user: kubelet

Reaching into checkpoint-secrets is probably not what we want to
recommend, so instead I'm suggesting folks just copy their kubeconfig
over from their local host.

I'd originally left the bootstrap suggestion alone, but now I'm
recommending scp for that as well, because:

1. Having only one way is less to think about.
2. With [1], the bootstrap node is becoming a fairly short-lived
   thing, so it's not worth spending much time talking about access to
   it.
3. Abhinav asked for it [2] ;).

[1]: openshift#579
[2]: openshift#585 (comment)
@wking force-pushed the master-kubeconfig branch from 9efc2e0 to 23ca6a1 November 1, 2018 04:47
@wking
Member Author

wking commented Nov 1, 2018

Can we ask users to always scp their local kubeconfig and use that? So that you scp it to any node and run with

Done with 9efc2e0 -> 23ca6a1.

@abhinavdahiya
Contributor

/lgtm

@openshift-ci-robot added the lgtm label Nov 1, 2018
@openshift-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [abhinavdahiya,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 251d073 into openshift:master Nov 1, 2018
@wking wking deleted the master-kubeconfig branch November 1, 2018 15:55