5 Essential Tips for Maximizing Your Experience at Nutanix .NEXT for Bloggers
Thanks for the quick reply @mikkisse I don’t believe I am familiar with the integration of PC Users and k8s RBAC. I think I saw a blog or post on that while I was searching before I wrote this so let me see if I can go back and find it. Would be nice to understand why we both hit the same issue. Admittedly, I am not an expert with certificates so I don’t know where the issue might lie.
Thanks, I just went through that. While I can hit the Karbon URL and login with my AD username that I mapped in prism central as a User Admin, the kubeconfig file it downloads for the cluster still just says default-user-<clustername> - should that be my username instead? I found a post online where the person had the same issues as we did around certs and they added this:I got similar problem. When I check with the following command:kubectl get svcIt seems that the status of the csr is approved, but not issued. Any idea how to fix it?[Updated] I found the problem. It is because the kube-controller-manager missed these options:--cluster-signing-cert-file and --cluster-signing-key-fileI could find the kube-apiserver.yaml on the master node which seemed to have the config in there for the controller and those options weren’t in there. However, I am not sure what to point them to as a test since I’m over my head at that point with certificates. Any thoughts to why my username might
Thanks @vshuguet. That works. My initial need was to figure out how we can get CSR’s approved - does Karbon do that?What I would like to do is setup a certificate-based user access like this: Kubernetes Tips: Give Access To Your Cluster With A Client CertificateHowever, I am unable to get past the CSR part since it never issues and thus I can never see a client certificate. My ultimate goal here (and I might just not be that savvy enough with certs) is to allow remote authentication to a Karbon cluster via a certificate.
Thanks @vshuguet This is the info I was looking to confirm. I can get things working with the service accounts and bearer tokens. It was the certificate-based authentication I was looking to test out, but since it isn’t supported, this would indicate why I am able to approve a request but not see anything issued. Thank you both for all the replies. Understanding the PC hook was very valuable here. Thanks!
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.