stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anuruddha Lanka Liyanarachchi (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (STRATOS-1657) Https kubernetes endpoint can't be added to Stratos
Date Tue, 03 May 2016 09:23:12 GMT

    [ https://issues.apache.org/jira/browse/STRATOS-1657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15268414#comment-15268414
] 

Anuruddha Lanka Liyanarachchi edited comment on STRATOS-1657 at 5/3/16 9:23 AM:
--------------------------------------------------------------------------------

This is fixed in commit a4c516eaad75a466bd4a9449ee5f87821c3b126b.

Https endpoints can be configured as in the kubenetes-cluster.json using the endpoint parameter.

If kubernetes endpoint is https use the "endpoint" property as below json instead of privateIpAddress
property.

{code}
{
  "clusterId": "kubernetes-cluster-1",
  "description": "Kubernetes Cluster 1",
  "kubernetesMaster": {
    "hostId": "master",
    "hostname": "master.dev.kubernetes.org",
    "endpoint": "https://172.17.8.101:8080",
    "property": [
    ]
  },
  "portRange": {
    "upper": "32767",
    "lower": "30000"
  },
  "kubernetesHosts": [
    {
      "hostId": "minion-1",
      "hostname": "minion-1.dev.kubernetes.org",
      "privateIPAddress": "172.17.8.102",
      "publicIPAddress": "172.17.8.102",
      "property": [
      ]
    },
    {
      "hostId": "minion-2",
      "hostname": "minion-2.dev.kubernetes.org",
      "privateIPAddress": "172.17.8.103",
      "publicIPAddress": "172.17.8.103",
      "property": [
      ]
    }
  ],
  "property": [
    {
      "name": "payload_parameter.MB_URLS",
      "value": "172.17.8.1:1883"
    },
    {
      "name": "payload_parameter.MB_USERNAME",
      "value": "system"
    },
    {
      "name": "payload_parameter.MB_PASSWORD",
      "value": "manager"
    },
    {
      "name": "payload_parameter.CEP_URLS",
      "value": "172.17.8.1:7711"
    },
    {
      "name": "payload_parameter.LOG_LEVEL",
      "value": "DEBUG"
    },
    {
      "name": "payload_parameter.METADATA_SERVICE_URL",
      "value": "https://172.17.8.1:9443"
    }
  ]
}
{code}

Following system properties can be passed by adding them in <STRATOS_HOME>/bin/stratos.sh
file to configure relevant security options.
{code}
kubernetes.oapi.version / KUBERNETES_OAPI_VERSION
kubernetes.tls.protocols / KUBERNETES_TLS_PROTOCOLS
kubernetes.trust.certificates / KUBERNETES_TRUST_CERTIFICATES
kubernetes.certs.ca.file / KUBERNETES_CERTS_CA_FILE
kubernetes.certs.ca.data / KUBERNETES_CERTS_CA_DATA
kubernetes.certs.client.file / KUBERNETES_CERTS_CLIENT_FILE
kubernetes.certs.client.data / KUBERNETES_CERTS_CLIENT_DATA
kubernetes.certs.client.key.file / KUBERNETES_CERTS_CLIENT_KEY_FILE
kubernetes.certs.client.key.data / KUBERNETES_CERTS_CLIENT_KEY_DATA
kubernetes.certs.client.key.algo / KUBERNETES_CERTS_CLIENT_KEY_ALGO
kubernetes.certs.client.key.passphrase / KUBERNETES_CERTS_CLIENT_KEY_PASSPHRASE
kubernetes.auth.basic.username / KUBERNETES_AUTH_BASIC_USERNAME
kubernetes.auth.basic.password / KUBERNETES_AUTH_BASIC_PASSWORD
kubernetes.auth.tryKubeConfig / KUBERNETES_AUTH_TRYKUBECONFIG
kubernetes.auth.tryServiceAccount / KUBERNETES_AUTH_TRYSERVICEACCOUNT
kubernetes.auth.token / KUBERNETES_AUTH_TOKEN
kubernetes.watch.reconnectInterval / KUBERNETES_WATCH_RECONNECTINTERVAL
kubernetes.watch.reconnectLimit / KUBERNETES_WATCH_RECONNECTLIMIT
kubernetes.user.agent / KUBERNETES_USER_AGENT
{code}

Regards,
Anuruddha


was (Author: anuruddhal):
This is fixed in commit a4c516eaad75a466bd4a9449ee5f87821c3b126b.

Https endpoints can be configured as in the kubenetes-cluster.json using the endpoint parameter.

If kubernetes endpoint is https use the "endpoint" property as below json instead of privateIpAddress
property.

{code}
{
  "clusterId": "kubernetes-cluster-1",
  "description": "Kubernetes Cluster 1",
  "kubernetesMaster": {
    "hostId": "master",
    "hostname": "master.dev.kubernetes.org",
    "endpoint": "https://172.17.8.101",
    "property": [
      {
        "name": "KUBERNETES_MASTER_PORT",
        "value": "8080"
      }
    ]
  },
  "portRange": {
    "upper": "32767",
    "lower": "30000"
  },
  "kubernetesHosts": [
    {
      "hostId": "minion-1",
      "hostname": "minion-1.dev.kubernetes.org",
      "privateIPAddress": "172.17.8.102",
      "publicIPAddress": "172.17.8.102",
      "property": [
      ]
    },
    {
      "hostId": "minion-2",
      "hostname": "minion-2.dev.kubernetes.org",
      "privateIPAddress": "172.17.8.103",
      "publicIPAddress": "172.17.8.103",
      "property": [
      ]
    }
  ],
  "property": [
    {
      "name": "payload_parameter.MB_URLS",
      "value": "172.17.8.1:1883"
    },
    {
      "name": "payload_parameter.MB_USERNAME",
      "value": "system"
    },
    {
      "name": "payload_parameter.MB_PASSWORD",
      "value": "manager"
    },
    {
      "name": "payload_parameter.CEP_URLS",
      "value": "172.17.8.1:7711"
    },
    {
      "name": "payload_parameter.LOG_LEVEL",
      "value": "DEBUG"
    },
    {
      "name": "payload_parameter.METADATA_SERVICE_URL",
      "value": "https://172.17.8.1:9443"
    }
  ]
}
{code}

Following system properties can be passed by adding them in <STRATOS_HOME>/bin/stratos.sh
file to configure relevant security options.
{code}
kubernetes.oapi.version / KUBERNETES_OAPI_VERSION
kubernetes.tls.protocols / KUBERNETES_TLS_PROTOCOLS
kubernetes.trust.certificates / KUBERNETES_TRUST_CERTIFICATES
kubernetes.certs.ca.file / KUBERNETES_CERTS_CA_FILE
kubernetes.certs.ca.data / KUBERNETES_CERTS_CA_DATA
kubernetes.certs.client.file / KUBERNETES_CERTS_CLIENT_FILE
kubernetes.certs.client.data / KUBERNETES_CERTS_CLIENT_DATA
kubernetes.certs.client.key.file / KUBERNETES_CERTS_CLIENT_KEY_FILE
kubernetes.certs.client.key.data / KUBERNETES_CERTS_CLIENT_KEY_DATA
kubernetes.certs.client.key.algo / KUBERNETES_CERTS_CLIENT_KEY_ALGO
kubernetes.certs.client.key.passphrase / KUBERNETES_CERTS_CLIENT_KEY_PASSPHRASE
kubernetes.auth.basic.username / KUBERNETES_AUTH_BASIC_USERNAME
kubernetes.auth.basic.password / KUBERNETES_AUTH_BASIC_PASSWORD
kubernetes.auth.tryKubeConfig / KUBERNETES_AUTH_TRYKUBECONFIG
kubernetes.auth.tryServiceAccount / KUBERNETES_AUTH_TRYSERVICEACCOUNT
kubernetes.auth.token / KUBERNETES_AUTH_TOKEN
kubernetes.watch.reconnectInterval / KUBERNETES_WATCH_RECONNECTINTERVAL
kubernetes.watch.reconnectLimit / KUBERNETES_WATCH_RECONNECTLIMIT
kubernetes.user.agent / KUBERNETES_USER_AGENT
{code}

Regards,
Anuruddha

> Https kubernetes endpoint can't be added to Stratos
> ---------------------------------------------------
>
>                 Key: STRATOS-1657
>                 URL: https://issues.apache.org/jira/browse/STRATOS-1657
>             Project: Stratos
>          Issue Type: Improvement
>          Components: Cloud Controller, Kubernetes API Client, REST API
>    Affects Versions: 4.1.5
>            Reporter: Anuruddha Lanka Liyanarachchi
>            Assignee: Anuruddha Lanka Liyanarachchi
>             Fix For: FUTURE
>
>
> At the moment Stratos only accepts http for kubernetes endpoints. This need to changed
to support https endpoints. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message