authentication issue

[iqarmy]

hi guys, following the quickstart guide on a local DC/OS community cluster, I've successfully deployed kubernetes + kubernetes cluster , yet kubectl complains about authentication even whilst setting the cluster with "Always allow" authorization:

if I hit enter to avoid credential usage it just hangs otherwise:

kubectl get nodes
Please enter Username: a
Please enter Password: *
error: You must be logged in to the server (Unauthorized)

• curl also outputs:

$ curl --insecure https://xx.xx.xx.xx:6443/api
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}

Any suggestion much appreciated. (PS sorry for posting here could be not a code/examples related issue)

[dkoshkin]

@iqarmy how did you setup your kubeconfig file, did you use the make kubeconfig target or some other method?

Are there any errors if you run that command?

[iqarmy]

I've actually manually created it as I'm using OSX on my local machine whilst DC/OS cluster runs within the local network. Below its contents (xx.xx.xx.xx - address of marathon-lb) :

$ cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://xx.xx.xx.xx:6443
  name: kubernetes01
contexts:
- context:
    cluster: kubernetes01
    user: ""
  name: default-context
current-context: default-context
kind: Config
preferences: {}
users: []

[dkoshkin]

Do you mind wrapping the code in "```" as here, it will make it easier to review.

[iqarmy]

Edited thx.

[iqarmy]

adding dcos info for the kube cluster as well:

$  dcos kubernetes cluster describe 
Using Kubernetes cluster: kubernetes01
{
  "calico": {
    "calico_ipv4pool_cidr": "192.168.0.0/16",
    "cni_mtu": 1400,
    "felix_ipinipenabled": true,
    "felix_ipinipmtu": 1420,
    "ip_autodetection_method": "can-reach=9.0.0.0",
    "ipv4pool_ipip": "Always",
    "typha": {
      "enabled": false,
      "replicas": 3
    }
  },
  "etcd": {
    "cpus": 0.5,
    "data_disk": 3072,
    "disk_type": "ROOT",
    "mem": 1024,
    "wal_disk": 512
  },
  "kubernetes": {
    "authorization_mode": "AlwaysAllow",
    "control_plane_placement": "[[\"hostname\", \"UNIQUE\"]]",
    "control_plane_reserved_resources": {
      "cpus": 1.5,
      "disk": 10240,
      "mem": 4096
    },
    "dcos_token_authentication": false,
    "high_availability": false,
    "private_node_count": 1,
    "private_node_placement": "",
    "private_reserved_resources": {
      "kube_cpus": 2,
      "kube_disk": 10240,
      "kube_mem": 2048,
      "system_cpus": 1,
      "system_mem": 1024
    },
    "proxy": {
      "override_injection": false
    },
    "public_node_count": 0,
    "public_node_placement": "",
    "public_reserved_resources": {
      "kube_cpus": 0.5,
      "kube_disk": 2048,
      "kube_mem": 512,
      "system_cpus": 1,
      "system_mem": 1024
    },
    "service_cidr": "10.100.0.0/16"
  },
  "kubernetes-cluster": {
    "authorization_mode": "RBAC",
    "high_availability": true,
    "private_node_count": 3
  },
  "service": {
    "log_level": "INFO",
    "name": "kubernetes01",
    "region": "",
    "service_account": "",
    "service_account_secret": "",
    "sleep": 1000,
    "use_agent_docker_certs": false,
    "virtual_network_name": "dcos"
  }
}

[iqarmy]

Just to update I'm getting 401 (unauth) regardless the:

"kubernetes-cluster": {
    "authorization_mode": "RBAC",
    "high_availability": true,
    "private_node_count": 3
  },

or

"kubernetes-cluster": {
    "authorization_mode": "AlwaysAllow",
    "high_availability": true,
    "private_node_count": 3
  },

Otherwise the cluster is provisioned as default.

[dkoshkin]

I would recommend using the Makefile target and then comparing it to the kubeconfig you are generating.