Add basic auth

sebgoa · sebgoa · commit fe559bc9377e · 2016-04-29T12:16:30.000+02:00
diff --git a/k8s.yml b/k8s.yml
@@ -6,9 +6,11 @@
     k8s_version: v1.2.0
     k8s_num_nodes: 2
     k8s_security_group_name: k8s
-    k8s_node_prefix: k8s
+    k8s_node_prefix: bar
+    k8s_username: foobar
+    k8s_password: FdKPSuwQ
 # This template name is specific to http://exoscale.ch, replace it
-    k8s_template: Linux CoreOS stable 723 64-bit 10G Disk (2015-08-04-600521)
+    k8s_template: Linux CoreOS stable 899 64-bit 50G Disk (2016-04-05-d6cdbb) 
     k8s_instance_type: Tiny
 
   roles:
diff --git a/roles/k8s/tasks/create_context.yml b/roles/k8s/tasks/create_context.yml
@@ -1,11 +1,14 @@
 # Create k8s context
 
   - name: Set context cluster 
-    command: kubectl config set-cluster exo --server=http://{{ k8s_master.default_ip }}:8080 --insecure-skip-tls-verify=true
+    command: kubectl config set-cluster exo --server=https://{{ k8s_master.default_ip }}:443 --insecure-skip-tls-verify=true
     tags: context
 
+  - name: Set context user
+    command: kubectl config set-credentials exo --username={{ k8s_username }} --password={{ k8s_password}}
+
   - name: Create context
-    command: kubectl config set-context exo --cluster=exo
+    command: kubectl config set-context exo --cluster=exo --user=exo
 
   - name: Use context
     command: kubectl config use-context exo
diff --git a/roles/k8s/tasks/create_secgroup_rules.yml b/roles/k8s/tasks/create_secgroup_rules.yml
@@ -76,9 +76,9 @@
      end_port: 8080
      user_security_group: "{{ k8s_security_group_name }}"
 
-  - name: k8s public 8080
+  - name: k8s public secure
     local_action:
      module: cs_securitygroup_rule
      security_group: "{{ k8s_security_group_name }}"
-     start_port: 8080
-     end_port: 8080    
+     start_port: 443
+     end_port: 443   
diff --git a/roles/k8s/templates/k8s-master.j2 b/roles/k8s/templates/k8s-master.j2
@@ -7,6 +7,11 @@ write-files:
     content: |
       OPTS_RPC_MOUNTD=""
 
+  - path: /srv/kubernetes/basicauth.csv
+    permissions: '0644'
+    content: |
+      {{ k8s_password }},{{ k8s_username }},1
+
   - path: /opt/bin/wupiao
     permissions: '0755'
     content: |
@@ -149,6 +154,7 @@ coreos:
         ExecStart=/opt/bin/kube-apiserver \
         --service-account-key-file=/opt/bin/kube-serviceaccount.key \
         --service-account-lookup=false \
+        --basic-auth-file=/srv/kubernetes/basicauth.csv \
         --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \
         --runtime-config=api/v1 \
         --allow-privileged=true \
