| openstackgerrit | Pete Birley proposed openstack/airship-promenade master: Kubernetes: Update kubernetes version to v1.10.11 https://review.openstack.org/624841 | 00:39 |
|---|---|---|
| *** aaronsheffield has quit IRC | 00:45 | |
| *** jamesgu__ has quit IRC | 01:42 | |
| *** irclogbot_0 has quit IRC | 14:00 | |
| *** irclogbot_0 has joined #airshipit | 14:06 | |
| *** irclogbot_0 has quit IRC | 14:14 | |
| *** aaronsheffield has joined #airshipit | 14:15 | |
| *** irclogbot_0 has joined #airshipit | 14:21 | |
| *** krypto has joined #airshipit | 15:10 | |
| *** cfriesen has joined #airshipit | 15:44 | |
| *** nick_kar has quit IRC | 15:59 | |
| *** nick_kar has joined #airshipit | 16:00 | |
| openstackgerrit | Merged openstack/airship-in-a-bottle master: Make the gate more configurable https://review.openstack.org/616625 | 16:38 |
| openstackgerrit | Merged openstack/airship-in-a-bottle master: MAAS ingress related fixes for airship-in-a-bottle https://review.openstack.org/624529 | 16:57 |
| *** seaneagan has quit IRC | 17:15 | |
| *** seaneagan has joined #airshipit | 17:15 | |
| openstackgerrit | Vladyslav Drok proposed openstack/airship-treasuremap master: Add separate rabbit admin entry for shipyard https://review.openstack.org/617812 | 17:30 |
| *** ianychoi has quit IRC | 17:42 | |
| openstackgerrit | Evgeniy L proposed openstack/airship-treasuremap master: Fix a link to OSH bugtracker in the docs https://review.openstack.org/625071 | 17:50 |
| cfriesen | is there a reference for the armada HTTP API anywhere? | 19:18 |
| mattmceuen | yes, but only the document format as far as I'm aware cfriesen: https://airship-armada.readthedocs.io/en/latest/operations/guide-build-armada-yaml.html | 19:22 |
| cfriesen | mattmceuen: what section within there? | 19:25 |
| evgenyl | cfriesen: you can also refer to swagger https://github.com/openstack/airship-armada/blob/master/swagger/swaggerV3-api.yaml | 19:27 |
| evgenyl | cfriesen: and here are the schemas https://github.com/openstack/airship-armada/tree/master/armada/schemas | 19:27 |
| cfriesen | thanks | 19:27 |
| mattmceuen | the full page there cfriesen - what specifically are you looking for? | 19:27 |
| mattmceuen | Thanks evgenyl, I forgot about the swagger docs :) | 19:28 |
| cfriesen | mattmceuen: we're interested in doing keystone authentication, it wasn't working with the CLI client, wanted to test with the HTTP API | 19:30 |
| mattmceuen | gotcha - let me know if you get stuck on that cfriesen | 19:36 |
| *** sthussey has joined #airshipit | 19:43 | |
| *** shoaibwr has joined #airshipit | 20:23 | |
| shoaibwr | Hi I need some assistance with armada. I'm trying to run armada with a kubernetes cluster that has Keystone as the auth backend. So firstly, armada allows --token option to pass a keystone token. I tried doing that, but seems like that token does not get passed all the way to kube-apiserver, since kube-apiserver respods with {system:anaonymous cann | 20:52 |
| shoaibwr | ot access pods}. Is --token even valid option? | 20:52 |
| shoaibwr | By configuring [keystone_auth] section in armada.conf, armada still fails to get authenticated by keystone. These are the errors I am seeing https://thepasteb.in/p/nZhlEY1kZyrIY | 20:59 |
| *** ianychoi has joined #airshipit | 20:59 | |
| shoaibwr | How do i go about configuring armada with a keystone backend? Thanks | 21:00 |
| sthussey | I believe the token options is for access to the Armada API | 21:01 |
| sthussey | I don't believe armada supports using Keystone for auth to Kubernetes | 21:01 |
| shoaibwr | There is a section for keystone in armada.conf. https://media.readthedocs.org/pdf/airship-armada/latest/airship-armada.pdf | 21:03 |
| sthussey | Yes, that is because Armada uses keystone for AAA of incoming API requests | 21:04 |
| sthussey | Not for communicating w/ Kubernetes. For that I believe it uses the kubernetes client library which by default supports kubeconfig or a service token | 21:04 |
| shoaibwr | Ok so say, my cluster is setup with keystone as the Auth backend, all helm commands work fine if i just set the openstack env vars. But I just cannot figure out how to pass some keystone token or some kind of user credentials as part of the "armada apply command" , such that kube-apiserver complains that the user:anonymous is not auhtorized to do a | 21:11 |
| shoaibwr | nything? Thanks again for your help | 21:11 |
| sthussey | Right, so at this point if you are backing all your apiservers w/ Keystone auth, I would just say armada is incompatible w/ your cluster | 21:16 |
| sthussey | You can open a storyboard issue on this - the main armada dev is currently on holiday but he can review it when he is back | 21:16 |
| shoaibwr | @sthussey who is the main Armada developer ? And in such a situation, is the only way to bypass this is run all individual charts directly via helm ? | 21:23 |
| sthussey | Are you using the Armada API or the Armada CLI? | 21:26 |
| cfriesen | sthussey: CLI currently | 21:39 |
| sthussey | If that is the case, you could spin up a Pod (which gets a service token) and in that pod run the CLI | 21:58 |
| sthussey | You would just need to give that pod the right RBAC access so the service account token can the needful | 21:59 |
| sthussey | Really is all the ideas I have for you at this point | 21:59 |
| openstackgerrit | James Gu proposed openstack/airship-treasuremap master: (WIP) Add bring your own k8s support in Airskiff https://review.openstack.org/623146 | 22:08 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!