2

https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file says we need to add this flag to use static token authentication, but it does not show the procedure for doing so.

I have installed Kubernetes using kubeadm.

confused genius

1 Answer

3

Well, you have to pass the path where the static token file is located on your host machine, so that you can point to that file, just like this. Edit the kube-apiserver.yaml file, which is located at /etc/kubernetes/manifests, and add the flag below. Once you edit the YAML file, you will see something like this:

```
--etcd-servers=http://127.0.0.1:2379
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
--service-account-key-file=/srv/kubernetes/pubkey.pem
--service-cluster-ip-range=10.96.0.0/16
--allow-privileged=true
--authorization-mode=RBAC
--enable-bootstrap-token-auth=true
--token-auth-file=/path/where/yourfile/located/which/contain/tokens  # here add your path
--client-ca-file=/var/lib/kubernetes/cacert.pem
--tls-cert-file=/var/lib/kubernetes/servercert.pem
--tls-private-key-file=/var/lib/kubernetes/serverkey.pem
--address=172.18.11.249
--insecure-bind-address=127.0.0.1
--advertise-address=172.18.11.249
--audit-log-maxage=30
--audit-log-maxsize=100
--audit-log-path=/var/log/kube-apiserver.log
--v=4
```
Dashrath Mundkar
  • How to pass this file/info to kube-api server is my question? Using which command? – confused genius Sep 10 '20 at 10:55
  • 1
    The moment I edit that file, my kube-apiserver pod is crashing, none of the kubectl commands work, and the kube-apiserver container is continuously restarting: `[root@project1-master ~]# kubectl get nodes` `The connection to the server 15.250.87.114:6443 was refused - did you specify the right host or port?` – confused genius Sep 10 '20 at 11:07
  • 1
    You just added the token-auth-file, right? Check the logs of the Docker container of kube-api-server: do ```docker ps```, get the container ID, and look at the logs using ```docker logs ID``` – Dashrath Mundkar Sep 10 '20 at 11:26
  • 2
    I had to add VolumeMount & volumes sections as well, as mentioned in https://stackoverflow.com/a/43075428/3638081 – confused genius Sep 10 '20 at 12:38
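
The fix from the last comment can be checked before saving the manifest. The following is an added example, not code from the thread: it reports every kube-apiserver file-path flag that no `volumeMounts` entry covers, which is the case for a newly added `--token-auth-file`, and shows the mount and volume entries that resolve it. The manifest fragment, the `/etc/kubernetes/tokens` directory and the volume name `static-tokens` are constructed assumptions.

```python
import re
# Constructed kubeadm-style manifest fragment (not from the thread); the token
# directory and the volume name "static-tokens" are assumptions.
MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --token-auth-file=/etc/kubernetes/tokens/tokens.csv
    volumeMounts:
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
    name: k8s-certs
"""
# Entries that make the token directory visible inside the container.
MOUNT = """\
    - mountPath: /etc/kubernetes/tokens
      name: static-tokens
      readOnly: true
"""
VOLUME = """\
  - hostPath:
      path: /etc/kubernetes/tokens
    name: static-tokens
"""
FLAG_RE = re.compile(r"^\s*- --([\w-]+)=(/\S+)\s*$", re.M)   # flags with an absolute path value
MOUNT_RE = re.compile(r"^\s*(?:- )?mountPath:\s*(\S+)\s*$", re.M)

def unmounted_file_flags(manifest):
    """Return {flag: path} for path-valued flags that lie under no mountPath."""
    mounts = [m.rstrip("/") for m in MOUNT_RE.findall(manifest)]
    missing = {}
    for flag, path in FLAG_RE.findall(manifest):
        if not any(path == m or path.startswith(m + "/") for m in mounts):
            missing[flag] = path
    return missing

def with_token_mount(manifest):
    """Append MOUNT to volumeMounts and VOLUME to volumes of the sample manifest."""
    return manifest.replace("  volumes:\n", MOUNT + "  volumes:\n", 1) + VOLUME

if __name__ == "__main__":
    print("before:", unmounted_file_flags(MANIFEST))
    print("after: ", unmounted_file_flags(with_token_mount(MANIFEST)))
```

The check only compares flag paths against `mountPath` values; the file itself must still exist under the matching `hostPath` on the control-plane node.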