[
https://issues.apache.org/jira/browse/STRATOS-1657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15268414#comment-15268414
]
Anuruddha Lanka Liyanarachchi edited comment on STRATOS-1657 at 5/3/16 9:23 AM:
--------------------------------------------------------------------------------
This is fixed in commit a4c516eaad75a466bd4a9449ee5f87821c3b126b.
Https endpoints can be configured as in the kubenetes-cluster.json using the
endpoint parameter.
If kubernetes endpoint is https use the "endpoint" property as below json
instead of privateIpAddress property.
{code}
{
"clusterId": "kubernetes-cluster-1",
"description": "Kubernetes Cluster 1",
"kubernetesMaster": {
"hostId": "master",
"hostname": "master.dev.kubernetes.org",
"endpoint": "https://172.17.8.101:8080";,
"property": [
]
},
"portRange": {
"upper": "32767",
"lower": "30000"
},
"kubernetesHosts": [
{
"hostId": "minion-1",
"hostname": "minion-1.dev.kubernetes.org",
"privateIPAddress": "172.17.8.102",
"publicIPAddress": "172.17.8.102",
"property": [
]
},
{
"hostId": "minion-2",
"hostname": "minion-2.dev.kubernetes.org",
"privateIPAddress": "172.17.8.103",
"publicIPAddress": "172.17.8.103",
"property": [
]
}
],
"property": [
{
"name": "payload_parameter.MB_URLS",
"value": "172.17.8.1:1883"
},
{
"name": "payload_parameter.MB_USERNAME",
"value": "system"
},
{
"name": "payload_parameter.MB_PASSWORD",
"value": "manager"
},
{
"name": "payload_parameter.CEP_URLS",
"value": "172.17.8.1:7711"
},
{
"name": "payload_parameter.LOG_LEVEL",
"value": "DEBUG"
},
{
"name": "payload_parameter.METADATA_SERVICE_URL",
"value": "https://172.17.8.1:9443";
}
]
}
{code}
Following system properties can be passed by adding them in
<STRATOS_HOME>/bin/stratos.sh file to configure relevant security options.
{code}
kubernetes.oapi.version / KUBERNETES_OAPI_VERSION
kubernetes.tls.protocols / KUBERNETES_TLS_PROTOCOLS
kubernetes.trust.certificates / KUBERNETES_TRUST_CERTIFICATES
kubernetes.certs.ca.file / KUBERNETES_CERTS_CA_FILE
kubernetes.certs.ca.data / KUBERNETES_CERTS_CA_DATA
kubernetes.certs.client.file / KUBERNETES_CERTS_CLIENT_FILE
kubernetes.certs.client.data / KUBERNETES_CERTS_CLIENT_DATA
kubernetes.certs.client.key.file / KUBERNETES_CERTS_CLIENT_KEY_FILE
kubernetes.certs.client.key.data / KUBERNETES_CERTS_CLIENT_KEY_DATA
kubernetes.certs.client.key.algo / KUBERNETES_CERTS_CLIENT_KEY_ALGO
kubernetes.certs.client.key.passphrase / KUBERNETES_CERTS_CLIENT_KEY_PASSPHRASE
kubernetes.auth.basic.username / KUBERNETES_AUTH_BASIC_USERNAME
kubernetes.auth.basic.password / KUBERNETES_AUTH_BASIC_PASSWORD
kubernetes.auth.tryKubeConfig / KUBERNETES_AUTH_TRYKUBECONFIG
kubernetes.auth.tryServiceAccount / KUBERNETES_AUTH_TRYSERVICEACCOUNT
kubernetes.auth.token / KUBERNETES_AUTH_TOKEN
kubernetes.watch.reconnectInterval / KUBERNETES_WATCH_RECONNECTINTERVAL
kubernetes.watch.reconnectLimit / KUBERNETES_WATCH_RECONNECTLIMIT
kubernetes.user.agent / KUBERNETES_USER_AGENT
{code}
Regards,
Anuruddha
was (Author: anuruddhal):
This is fixed in commit a4c516eaad75a466bd4a9449ee5f87821c3b126b.
Https endpoints can be configured as in the kubenetes-cluster.json using the
endpoint parameter.
If kubernetes endpoint is https use the "endpoint" property as below json
instead of privateIpAddress property.
{code}
{
"clusterId": "kubernetes-cluster-1",
"description": "Kubernetes Cluster 1",
"kubernetesMaster": {
"hostId": "master",
"hostname": "master.dev.kubernetes.org",
"endpoint": "https://172.17.8.101";,
"property": [
{
"name": "KUBERNETES_MASTER_PORT",
"value": "8080"
}
]
},
"portRange": {
"upper": "32767",
"lower": "30000"
},
"kubernetesHosts": [
{
"hostId": "minion-1",
"hostname": "minion-1.dev.kubernetes.org",
"privateIPAddress": "172.17.8.102",
"publicIPAddress": "172.17.8.102",
"property": [
]
},
{
"hostId": "minion-2",
"hostname": "minion-2.dev.kubernetes.org",
"privateIPAddress": "172.17.8.103",
"publicIPAddress": "172.17.8.103",
"property": [
]
}
],
"property": [
{
"name": "payload_parameter.MB_URLS",
"value": "172.17.8.1:1883"
},
{
"name": "payload_parameter.MB_USERNAME",
"value": "system"
},
{
"name": "payload_parameter.MB_PASSWORD",
"value": "manager"
},
{
"name": "payload_parameter.CEP_URLS",
"value": "172.17.8.1:7711"
},
{
"name": "payload_parameter.LOG_LEVEL",
"value": "DEBUG"
},
{
"name": "payload_parameter.METADATA_SERVICE_URL",
"value": "https://172.17.8.1:9443";
}
]
}
{code}
Following system properties can be passed by adding them in
<STRATOS_HOME>/bin/stratos.sh file to configure relevant security options.
{code}
kubernetes.oapi.version / KUBERNETES_OAPI_VERSION
kubernetes.tls.protocols / KUBERNETES_TLS_PROTOCOLS
kubernetes.trust.certificates / KUBERNETES_TRUST_CERTIFICATES
kubernetes.certs.ca.file / KUBERNETES_CERTS_CA_FILE
kubernetes.certs.ca.data / KUBERNETES_CERTS_CA_DATA
kubernetes.certs.client.file / KUBERNETES_CERTS_CLIENT_FILE
kubernetes.certs.client.data / KUBERNETES_CERTS_CLIENT_DATA
kubernetes.certs.client.key.file / KUBERNETES_CERTS_CLIENT_KEY_FILE
kubernetes.certs.client.key.data / KUBERNETES_CERTS_CLIENT_KEY_DATA
kubernetes.certs.client.key.algo / KUBERNETES_CERTS_CLIENT_KEY_ALGO
kubernetes.certs.client.key.passphrase / KUBERNETES_CERTS_CLIENT_KEY_PASSPHRASE
kubernetes.auth.basic.username / KUBERNETES_AUTH_BASIC_USERNAME
kubernetes.auth.basic.password / KUBERNETES_AUTH_BASIC_PASSWORD
kubernetes.auth.tryKubeConfig / KUBERNETES_AUTH_TRYKUBECONFIG
kubernetes.auth.tryServiceAccount / KUBERNETES_AUTH_TRYSERVICEACCOUNT
kubernetes.auth.token / KUBERNETES_AUTH_TOKEN
kubernetes.watch.reconnectInterval / KUBERNETES_WATCH_RECONNECTINTERVAL
kubernetes.watch.reconnectLimit / KUBERNETES_WATCH_RECONNECTLIMIT
kubernetes.user.agent / KUBERNETES_USER_AGENT
{code}
Regards,
Anuruddha
> Https kubernetes endpoint can't be added to Stratos
> ---------------------------------------------------
>
> Key: STRATOS-1657
> URL: https://issues.apache.org/jira/browse/STRATOS-1657
> Project: Stratos
> Issue Type: Improvement
> Components: Cloud Controller, Kubernetes API Client, REST API
> Affects Versions: 4.1.5
> Reporter: Anuruddha Lanka Liyanarachchi
> Assignee: Anuruddha Lanka Liyanarachchi
> Fix For: FUTURE
>
>
> At the moment Stratos only accepts http for kubernetes endpoints. This need
> to changed to support https endpoints.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
