Restart Kubernetes API server with different options

Ravenix picture Ravenix · Jan 10, 2017 · Viewed 9.7k times · Source

I'm pretty new to Kubernetes and clusters so this might be very simple.

I set up a Kubernetes cluster with 5 nodes using kubeadm following this guide. I got some issues but it all worked in the end. So now I want to install the Web UI (Dashboard). To do so I need to set up authentication:

Please note, this works only if the apiserver is set up to allow authentication with username and password. This is not currently the case with the some setup tools (e.g., kubeadm). Refer to the authentication admin documentation for information on how to configure authentication manually.

So I got to read authentication page of the documentation. And I decided I want to add authentication via a Static Password File. To do so I have to append the option --basic-auth-file=SOMEFILE to the Api server.

When I do ps -aux | grep kube-apiserver this is the result, so it is already running. (which makes sense because I use it when calling kubectl)

kube-apiserver 
  --insecure-bind-address=127.0.0.1
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota 
  --service-cluster-ip-range=10.96.0.0/12 
  --service-account-key-file=/etc/kubernetes/pki/apiserver-key.pem 
  --client-ca-file=/etc/kubernetes/pki/ca.pem 
  --tls-cert-file=/etc/kubernetes/pki/apiserver.pem 
  --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem 
  --token-auth-file=/etc/kubernetes/pki/tokens.csv 
  --secure-port=6443 
  --allow-privileged 
  --advertise-address=192.168.1.137
  --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 
  --anonymous-auth=false 
  --etcd-servers=http://127.0.0.1:2379

Couple of questions I have:

  • So where are all these options set?
  • Can i just kill this process and restart it with the option I need?
  • Will it be started when I reboot the system?

Answer

Ravenix picture Ravenix · Jan 10, 2017

in /etc/kubernetes/manifests is a file called kube-apiserver.json. This is a JSON file and contains all the option you can set. I've appended the --basic-auth-file=SOMEFILE and rebooted the system (right after the change of the file kubectl wasn't working anymore and the API was shutdown)

After a reboot the whole system was working again.

Update

I didn't manage to run the dashboard using this. What I did in the end was installing the dashboard on the cluster. copying the keys from the master node (/etc/kubernetes/admin.conf) to my laptop and did kubectl proxy to proxy the traffic of the dashboard to my local machine. Now I can access it on my laptop through 127.0.0.1:8001/ui