Kubernetes simple authentication

I am using KUbernetes on a coreOs cluster hosted on DigitalOcean. And using this repo to set it up. I start the apiserver with the following line:

/opt/bin/kube-apiserver --runtime-config=api/v1 --allow-privileged=true \ --insecure-bind-address=0.0.0.0 --insecure-port=8080 \ --secure-port=6443 --etcd-servers=http://127.0.0.1:2379 \ --logtostderr=true --advertise-address=${COREOS_PRIVATE_IPV4} \ --service-cluster-ip-range=10.100.0.0/16 --bind-address=0.0.0.0

The problem is that it accepts request from anyone! I want to be able to provide a simple user/password authentication. I have been reading this and this and it seems that I have to do something like the below, but I cannot afford to take the cluster down for a long period of time, so I need your guys help with this one.Btw, mt pods do not create another pods, so I only need a few user, like 1/2 for devs and 1 for CI.

I am thinking of doing something like include authorization-mode and authorization-policy-file flags as it seems required and make the insecure-bind-address localhost to make it only available locally. I am missing something?

/opt/bin/kube-apiserver --runtime-config=api/v1 --allow-privileged=true \ --authorization-mode=ABAC --authorization-policy-file=/access.json \ --insecure-bind-address=127.0.0.1 --insecure-port=8080 \ --secure-port=6443 --etcd-servers=http://127.0.0.1:2379 \ --logtostderr=true --advertise-address=${COREOS_PRIVATE_IPV4} \ --service-cluster-ip-range=10.100.0.0/16 --bind-address=0.0.0.0

/access.json

{"user":"admin"} {"user":"wercker"} {"user":"dev1"} {"user":"dev2"}

But where are the passwords? How do I actually make the request with kubectl and curl or httpie?