Skip to content
This repository has been archived by the owner on Jan 8, 2023. It is now read-only.

k8s.md: improve instructions for minikube #239

Closed
wants to merge 1 commit into from
Closed

k8s.md: improve instructions for minikube #239

wants to merge 1 commit into from

Conversation

michalskrivanek
Copy link
Contributor

minikube by default doesn't use any authentication. Unauthenticated
API access needs to be enabled in minikube so that forklift-ui proxy
can access cluster-api

@michalskrivanek
k8s.md: improve instructions for minikube
3197cb5 
minikube by default doesn't use any authentication. Unauthenticated
API access needs to be enabled in minikube so that forklift-ui proxy
can access cluster-api
@fbladilo fbladilo self-requested a review July 13, 2022 16:58
@fbladilo
Copy link
Collaborator

fbladilo commented Jul 13, 2022
edited
Loading

@michalskrivanek Couldn't we use straight kubectl proxy to provide secure connections to the API server? Certainly worth investigating, I think at some point it would be good discuss a more robust fix for Kubernetes in general (minikube included) when working with UI / noauth.

@michalskrivanek
Copy link
Contributor Author

@fbladilo I'm not much familiar with how to do that. It's for the services running inside the cluster, would that need a separate pod being deployed with proxy as part of the namespace that would do the proxying?
or maybe it shouldn't be noauth when talking to API from within the cluster as opposed to running locally

@mnecas mnecas mentioned this pull request Aug 16, 2022
Merged
ahadas
ahadas reviewed Aug 29, 2022
View reviewed changes
docs/k8s.md
@@ -5,6 +5,18 @@
- **Kubernetes cluster or Minikube v1.17+**
- **Operator Lifecycle Manager (OLM)**

Additionally you need to configure Kubernetes API acces control. On minikube you can use ABAC authorization allowing unauthenticated access to API by creating a policy file
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Additionally you need to configure Kubernetes API acces control. On minikube you can use ABAC authorization allowing unauthenticated access to API by creating a policy file
Additionally you need to configure Kubernetes API access control. On minikube you can use ABAC authorization allowing unauthenticated access to API by creating a policy file

@yaacov
Copy link
Member

yaacov commented Aug 30, 2022
edited
Loading

For running the UI, I installed forklift-operator on minkube [1] using the docs [3] and a script [4]

I created a "forklift" user and gave it "cluster-admin" privileges [1], I give it the "forklift" user token
manually [2], and set the UI to not use OAuth:

K8S_AUTH_BEARER_TOKEN=31ada4fd-adec-460c-809a-9e56ceb75269 AUTH_REQUIRED=false yarn start:dev:remote

( using this approach a user that has access the forklift-UI has access to the resources "forklift" user as access to without providing credentials )

[1] https://github.com/konveyor/forklift-console-plugin/blob/main/scripts/configure-minikube.sh
[2] kubev2v/forklift-ui#983
[3] https://github.com/konveyor/forklift-operator/blob/main/docs/k8s.md
[4] kubev2v/forklift-console-plugin#29

EDIT:
the UI requires an unmerged PR to use this method
kubev2v/forklift-ui#986

@ahadas
Copy link
Member

ahadas commented Jan 8, 2023
edited
Loading

I'm closing this PR since this repository is going to be archived - if anyone is interested in updating the documentation for minikube, it should be done in https://github.com/kubev2v/forklift

@ahadas ahadas closed this Jan 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ahadas ahadas ahadas left review comments

@fbladilo fbladilo Awaiting requested review from fbladilo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@michalskrivanek @fbladilo @yaacov @ahadas