Use static token while login into kubernetes dashboard - access-token

I have set up k3s. I have also set up kubernetes-dashboard on k3s.
But I want to use a static token when logging in to the Kubernetes dashboard. I do not want to use a different token each time I set up k3s and kubernetes-dashboard.
I found this link for using user/pass in Kubernetes. Similarly, I want to use a static token for the Kubernetes dashboard in a k3s setup.
Is there any way to do this?

Based on my findings, we need to create a file (token.csv) which contains the password/token:
admin123,admin,admin,system:masters
After that, while installing k3s, we can pass this file:
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.21.8+k3s1 sh -s - --kube-apiserver-arg='token-auth-file=/home/ubuntu/token.csv'
After that we can use the token "admin123" to log in to the Kubernetes dashboard.
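
A token in this file is a bearer credential that does not expire and only changes when the file is edited and the API server restarted; with the system:masters group it carries unrestricted cluster access. The sketch below is an added example, not part of the original answer: it generates a random token in place of a guessable one and checks the file before it is handed to k3s. The helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): create and sanity-check a
# static token file for kube-apiserver's token-auth-file option.
# Line format: token,user,uid[,"group1,group2"]

# make_token_file PATH USER UID GROUP   (hypothetical helper)
# Writes a single entry with a random 256-bit token, readable by the owner only.
make_token_file() {
    path=$1 user=$2 uid=$3 group=$4
    token=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    rm -f "$path"    # start from a fresh file so the umask below applies
    ( umask 077 && printf '%s,%s,%s,"%s"\n' "$token" "$user" "$uid" "$group" > "$path" )
}

# check_token_file PATH [MIN_LEN]   (hypothetical helper)
# Succeeds only if the file is non-empty, closed to group/other, and every
# line has non-empty token,user,uid fields with a token of at least MIN_LEN.
check_token_file() {
    path=$1 min=${2:-32}
    [ -s "$path" ] || return 1
    perms=$(ls -l "$path" | cut -c5-10)    # group and other permission bits
    [ "$perms" = "------" ] || return 1
    awk -F, -v min="$min" '
        BEGIN { bad = 0 }
        NF < 3 || $2 == "" || $3 == "" { bad = 1 }
        length($1) < min               { bad = 1 }
        END { exit bad }
    ' "$path"
}
```

The generated file is passed to k3s with the same --kube-apiserver-arg='token-auth-file=...' option used in the answer.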

Related

Can't login anymore after installation of Multi-tenant support for Kiwi TCMS

I had a kiwi instance running as docker containers under RHEL8 with kiwitcms/kiwi:latest-image as kiwi_web container and centos/postgresql-12-centos7-image as kiwi_db container. Provided via reverse proxy in an existing apache.
I was able to login as the created superuser.
Then I've installed multi-tenant support via pip install kiwitcms-tenants.
I've set the KIWI_TENANTS_DOMAIN variable.
I did podman exec -it kiwi_web /Kiwi/manage.py migrate and podman exec -it kiwi_web /Kiwi/manage.py refresh_permissions.
Then I've created a tenant via podman exec -u 0 -it kiwi_web /Kiwi/manage.py create_tenant.
Now, if I am still logged in (from the session before installing multi-tenant support), I can now see the new Mandant plugin and the tenant configurations in the admin area.
But, if I logout, I can't login anymore. It does not say "wrong credentials" or something like that, like it appears if I put in wrong credentials. The fields are just emptied and I am simply not forwarded. What am I missing here?
What am I missing here?
I think you are missing the fact that tenant routing is done on a domain basis. The domain which you configure with the create_tenant command is the one you should be using to access the multi-tenant Kiwi TCMS instance.
If KIWI_TENANTS_DOMAIN=example.com then you should use either example.com in create_tenant or something like public.example.com. Every other tenant will be <tenant name>.example.com.
If that doesn't work you need to provide more information starting with your reverse proxy logs.

Unable to login into Hyperledger Cello operator dashboard

I have installed Hyperledger Cello following the instructions here. The operator dashboard opens up at port 8080, but when I try logging in with the credentials admin:pass as suggested, it redirects like this to the auth realms URL and I get the error "site cannot be reached", as shown below:
http://xx.xx.xx.xx:8083/auth/realms/cello-realm/protocol/openid-connect/auth?client_id=cello-operator-dashboard&redirect_uri=http%3A%2F%2Fxx.xx.xx.xx:%3A8080%2Foidc_callback&scope=openid+email&access_type=offline&response_type=code&state=eyJjc3JmX3Rva2VuIjogInAxenFid1VMQnI0U2N4T05QYVNqc1luejhmMHMxN3diIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6STFOaUo5LkltaDBkSEE2THk4MUxqa3VNamt1TdfdNd09qZ3dPREF2SWcuTnItSmhpN3lXR1puTE1VdEx0Qmc1TUpRZ1N0SlFMeFF3YklLRHI3UDd2VSJ9&openid.realm=http%3A%2F%2Fxx.xx.xx.xx:%3A8080%2Foidc_callback
I have given the following env variables.
Is there any other configuration I need to do for realms to log into the operator dashboard? I can't log into the operator dashboard and I can't access the user dashboard. The user dashboard container is running as shown below, but I am unable to access the dashboard. Please help.
Docker running container Image
It worked for me when I started the Cello services with the commands below:
cd cello
sudo make reset
SERVER_PUBLIC_IP=xx.xx.xx.xx make start
and in browser use this URL: http://xx.xx.xx.xx:8080/
Note: Replace xx.xx.xx.xx with your public IP.
Just for the record, with Cello 0.9.0 @GaurangSing's answer didn't work. In the end, what helped me was to edit the Makefile in the cello root folder and change the line SERVER_PUBLIC_IP ?= 127.0.0.1 to use the IP of my own server.

Trigger a shell script in Azure

I'm using a Kubernetes cluster in Azure running an ingress controller. The ingress controller routes to different services via a given context root.
To add another service and connect it to my ingress I built a simple shell script looking like this:
kubectl apply -f "$1-svc.yaml"
# some script magic here to add a new route in the hello-world-ingress.json
kubectl apply -f 'hello-world-ingress.json'
I tested the script on my local machine and everything works as expected. Now I want to trigger the script with an HTTP rest call on Azure.
Does anyone have an idea how to do that? So far I know:
I need the Azure cli with Kubernetes to run the kubectl command
I need something to build the HTTP trigger. I tried using AzureFunctions, but I wasn't able to install the Azure cli in Azure Functions on the Azure Portal and I wasn't able to install Azure cli + Azure Functions in a Docker Container.
Does anyone have an idea how to trigger my shell script via HTTP in Azure in an environment where the Azure cli exists?
The easiest way, in my opinion, is to set up an Azure instance with kubectl and the Azure cli configured to talk to your cluster and on that same server set up something like shell2http. For example:
shell2http -export-all-vars /mybash "yourbash.sh"
shell2http -form /apply "kubectl apply -f $v'-svc.yaml'"
shell2http -export-all-vars /domore "domore.sh"
Where $v above is the name of your deployment.
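
Exposing kubectl through an HTTP parameter means request data ends up on a shell command line, so the name should be checked against an allow-list before anything runs. A wrapper along these lines could be the script that shell2http executes; it is an added example, not part of the original answer, and MANIFEST_DIR, KUBECTL, the function names and the naming pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): validate an HTTP-supplied
# service name before it is used to build a kubectl command.
LC_ALL=C; export LC_ALL                          # make [a-z] mean ASCII only
MANIFEST_DIR=${MANIFEST_DIR:-/opt/manifests}     # assumed manifest location
KUBECTL=${KUBECTL:-kubectl}                      # overridable for dry runs

# valid_service_name NAME
# Accepts only a DNS-label style name: lowercase letters, digits and '-',
# starting and ending with a letter or digit, at most 63 characters.
valid_service_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!a-z0-9-]*) return 1 ;;   # any character outside the allow-list
        -*|*-)        return 1 ;;   # no leading or trailing hyphen
    esac
    return 0
}

# apply_service NAME
# Applies <MANIFEST_DIR>/<NAME>-svc.yaml only if NAME is valid and the
# manifest exists; otherwise refuses without running kubectl.
# Returns 2 for a rejected name, 3 for a missing manifest.
apply_service() {
    valid_service_name "$1" || { echo "rejected service name" >&2; return 2; }
    file="$MANIFEST_DIR/$1-svc.yaml"
    [ -f "$file" ] || { echo "no manifest for $1" >&2; return 3; }
    "$KUBECTL" apply -f "$file"
}
```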

Automatically obtain gitlab registration token when provisioning

I have an ansible playbook which installs GitLab and configures a GitLab Runner. To register the runner, we need a GitLab registration token.
Currently I need to:
run the playbook, letting it install GitLab
manually log in and obtain the registration token
reconfigure the playbook to use this token
let the playbook run again to register the runner
How can I obtain (or force?) this token when provisioning GitLab, so that the whole playbook can run automatically?
Updated Version for extracting the encrypted token:
gitlab-rails runner "print TokenAuthenticatableStrategies::EncryptionHelper.decrypt_token('$(echo 'select runners_registration_token_encrypted from application_settings;' | gitlab-psql -d gitlabhq_production -qtAX)')"
Extracting it from a docker container:
TOKEN_COMMAND='gitlab-rails runner "print TokenAuthenticatableStrategies::EncryptionHelper.decrypt_token('"'"'$(echo '"'"'select runners_registration_token_encrypted from application_settings;'"'"' | gitlab-psql -d gitlabhq_production -qtAX)'"'"')"'
# No -t here: a TTY would append carriage returns to the captured output
RUNNER_TOKEN="$(docker exec -i gitlab_gitlab_1 /bin/bash -c "$TOKEN_COMMAND")"
My first approach would be to utilize the REST API, however this feature is not implemented yet. The linked feature request contains a SQL query to obtain the runner token. The query seems to be (for Postgres):
"select runners_registration_token from application_settings where runners_registration_token!='';"
It should be possible to run that query against the database and register the token as a fact for further configuration.

Azure docker registry - bash script to check if a docker tag already exists

What I need is to build an image (as a CI product) and push it only if the tag version is not on our private azure hosted docker registry already.
Following this stackoverflow answer I tried to replicate the bash script there with the Azure registry login server, but it does not seem to support the exact same API (getting a 404). How can I achieve this "check if version/tag exists in registry" via the HTTP/REST API with Azure Container Registry? (Without using the built-in az tool)
How can I achieve this "check if version/tag exists in registry" via
the http/REST api with azure container registry?
In Azure container registry, we should use Authorization: Basic to authenticate it.
You can use ACR username and password to get the credentials, then use this script to list all tags:
export registry="jasonacrr.azurecr.io"
export user="jasonacrr"
export password="t4AH+K86xxxxxxx2SMxxxxxzjNAMVOFb3c"
export operation="/v2/aci-helloworld/tags/list"
export credentials=$(echo -n "$user:$password" | base64 -w 0)
export catalog=$(curl -s -H "Authorization: Basic $credentials" https://$registry$operation)
echo "Catalog"
echo $catalog
Output like this:
[root@jasoncli jason]# echo $catalog
{"name":"aci-helloworld","tags":["v1","v2"]}
Then you can use shell to check whether the tag exists or not.
Hope this helps.
Update:
For more information about Azure container registry integration with Azure AD, please refer to this article.
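
The shell check the answer leaves open could look like the following added example (not part of the original answer). It compares tags exactly, so v1 does not match v10, and it hands the credentials to curl on stdin instead of the command line; the function names and the ACR_USER / ACR_PASSWORD variables are assumptions, and the parser relies on tags containing only letters, digits, '.', '_' and '-'.

```shell
#!/bin/sh
# Added example (not from the original answer): decide whether a tag is
# present in a /v2/<repo>/tags/list response such as
#   {"name":"aci-helloworld","tags":["v1","v2"]}

# tag_in_list JSON TAG
# Succeeds only if TAG is exactly one of the entries of the "tags" array.
tag_in_list() {
    json=$1 tag=$2
    [ -n "$tag" ] || return 1
    printf '%s' "$json" |
        tr -d '\n' |
        sed -n 's/.*"tags"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//' |
        grep -Fxq -- "$tag"       # -x: whole-line match, -F: no regex
}

# acr_tag_exists REGISTRY REPO TAG
# Returns 0 = tag present, 1 = tag absent, 2 = request failed (including 404).
# Credentials are read from ACR_USER and ACR_PASSWORD (assumed names) and
# passed to curl as a config on stdin, so they stay out of the process list.
# A password containing '"' or '\' would need escaping for the config syntax.
acr_tag_exists() {
    registry=$1 repo=$2 tag=$3
    body=$(printf 'user = "%s:%s"\n' "$ACR_USER" "$ACR_PASSWORD" |
        curl -fsS -K - "https://$registry/v2/$repo/tags/list") || return 2
    tag_in_list "$body" "$tag"
}
```

In a CI job, a return code of 2 should stop the build rather than be treated as "tag absent".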
