k8s 1.16: basic auth doesn't work
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubernetes Control Plane Charm |
Fix Released
|
Critical
|
George Kraft | ||
Bug Description
Running cs:charmed-
error: You must be logged in to the server (Unauthorized)
This is happening because kube-apiserver's --basic-auth-file option has been deprecated[1]. It's still usable, but since the option no longer appears in kube-apiserver help output, the kube-apiserver snap[2] no longer passes the config through to kube-apiserver.
It is unclear when basic auth support will be removed entirely.
I see two potential short term fixes:
1. Manually add the basic-auth-file arg to the kube-apiserver snap.
2. Update the charm to do all configuration through the "args" option, which does not depend on help output.
But the obvious fix, and the only long term one, is to stop using basic auth. We already use token auth in some places. We'll just need to use it everywhere we currently use basic auth.
[1]: https:/
[2]: https:/
| George Kraft (cynerva) wrote | #1 |
| Changed in charm-kubernetes-master: | |
| assignee: | nobody → George Kraft (cynerva) |
| status: | New → In Progress |
| George Kraft (cynerva) wrote | #2 |
| summary: |
- k8s 1.16: basic auth is deprecated + k8s 1.16: basic auth doesn't work |
| Changed in charm-kubernetes-master: | |
| milestone: | none → 1.16 |
| importance: | Undecided → Critical |
| George Kraft (cynerva) wrote | #3 |
| Changed in charm-kubernetes-master: | |
| status: | In Progress → Fix Committed |
| George Kraft (cynerva) wrote | #4 |
| Changed in charm-kubernetes-master: | |
| status: | Fix Committed → Fix Released |
I'm gonna go ahead and do one of the short-term fixes so we can get 1.16 working ASAP.