Kubernetes - How to change tokens for hyperkube apiserver

5/31/2016

We are using hyperkube's apiserver and configuring it via a manifest file:

"containers": [
  {
    "name": "apiserver",
    "image": "gcr.io/google_containers/hyperkube-amd64:v1.2.1",
    "command": [
      "/hyperkube",
      "apiserver",
      "--service-cluster-ip-range=192.168.0.0/23",
      "--service-node-port-range=9000-9999",
      "--bind-address=127.0.0.1",
      "--etcd-servers=http://127.0.0.1:4001",
      "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
      "--client-ca-file=/srv/kubernetes/ca.crt",
      "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
      "--min-request-timeout=300",
      "--tls-cert-file=/srv/kubernetes/server.cert",
      "--tls-private-key-file=/srv/kubernetes/server.key",
      "--token-auth-file=/srv/kubernetes/known_tokens.csv",
      "--allow-privileged=true",
      "--v=4"
    ],
    "volumeMounts": [
      {
        "name": "data",
        "mountPath": "/srv/kubernetes"
      }
    ]
  }
]

I'm trying to figure out how to set up a different set of tokens than in /srv/kubernetes/known_tokens.csv to have users "superuser" and "reader", instead of admin, kubelet, and kube_proxy. How can I do this?

-- frederix
kubernetes

1 Answer

6/1/2016

Your manifest is using the exposed volume path /srv/kubernetes, so you should be able to map that to another persistent volume (http://kubernetes.io/docs/user-guide/volumes/) and set up the new files there.

You can do that by specifying a volume:

"volumes": [
  {
    "name": "data",
    "hostPath": {
      "path": "/foo"
    }
  }
]

-- Steve Sloka
Source: StackOverflow
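
As an added example (not part of the original question or answer): a POSIX shell function that writes a replacement known_tokens.csv for the users "superuser" and "reader" into the directory mounted at /srv/kubernetes. It assumes the three-column `token,user,uid` line format of the static token file and reuses the user name as the uid; `gen_token` and `write_tokens` are names chosen here.

```shell
#!/bin/sh
# Added example: build a known_tokens.csv for --token-auth-file.
# Assumed line format: token,user,uid (uid is set to the user name here).

# Print a random 32-character hex token (128 bits from the kernel CSPRNG).
gen_token() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# write_tokens DIR USER...
# Creates DIR/known_tokens.csv with one freshly generated token per user.
write_tokens() {
    dir=$1; shift
    out="$dir/known_tokens.csv"
    tmp="$out.tmp.$$"
    old_umask=$(umask)
    umask 077                      # created 0600: the file holds bearer secrets
    : > "$tmp" || { umask "$old_umask"; return 1; }
    for user in "$@"; do
        case $user in
            *[!A-Za-z0-9_-]*|'')   # refuse names that would break the CSV
                rm -f "$tmp"; umask "$old_umask"
                echo "invalid user name: $user" >&2
                return 1 ;;
        esac
        printf '%s,%s,%s\n' "$(gen_token)" "$user" "$user" >> "$tmp"
    done
    umask "$old_umask"
    mv "$tmp" "$out"               # rename so a partial file is never visible
}
```

Run `write_tokens /foo superuser reader` against the hostPath directory from the answer, then restart the apiserver, which reads the token file only at startup. The manifest in the question sets no `--authorization-mode`, so naming a user "reader" does not by itself restrict what its token can do.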