5 Essential Tips for Maximizing Your Experience at Nutanix .NEXT for Bloggers
Thanks @vshuguet This is the info I was looking to confirm. I can get things working with the service accounts and bearer tokens. It was the certificate-based authentication I was looking to test out, but since it isn’t supported, this would indicate why I am able to approve a request but not see anything issued. Thank you both for all the replies. Understanding the PC hook was very valuable here. Thanks!
Thanks @vshuguet. That works. My initial need was to figure out how we can get CSR’s approved - does Karbon do that?What I would like to do is setup a certificate-based user access like this: Kubernetes Tips: Give Access To Your Cluster With A Client CertificateHowever, I am unable to get past the CSR part since it never issues and thus I can never see a client certificate. My ultimate goal here (and I might just not be that savvy enough with certs) is to allow remote authentication to a Karbon cluster via a certificate.
Thanks, I just went through that. While I can hit the Karbon URL and login with my AD username that I mapped in prism central as a User Admin, the kubeconfig file it downloads for the cluster still just says default-user-<clustername> - should that be my username instead? I found a post online where the person had the same issues as we did around certs and they added this:I got similar problem. When I check with the following command:kubectl get svcIt seems that the status of the csr is approved, but not issued. Any idea how to fix it?[Updated] I found the problem. It is because the kube-controller-manager missed these options:--cluster-signing-cert-file and --cluster-signing-key-fileI could find the kube-apiserver.yaml on the master node which seemed to have the config in there for the controller and those options weren’t in there. However, I am not sure what to point them to as a test since I’m over my head at that point with certificates. Any thoughts to why my username might
Thanks for the quick reply @mikkisse I don’t believe I am familiar with the integration of PC Users and k8s RBAC. I think I saw a blog or post on that while I was searching before I wrote this so let me see if I can go back and find it. Would be nice to understand why we both hit the same issue. Admittedly, I am not an expert with certificates so I don’t know where the issue might lie.
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.