Thursday, 1 March 2018

IBM Cloud Private - The credentials, they are a-changin'

This confused me briefly today :-)

I was trying to log in to an existing IBM Cloud Private (ICP) Kubernetes environment, using kubectl.

I'd previously noted down the credentials that I used previously: -

kubectl config set-cluster mycluster.icp --server=https://192.168.1.100:8001 --insecure-skip-tls-verify=true

kubectl config set-context mycluster.icp-context --cluster=mycluster.icp

kubectl config set-credentials admin --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF0X2hhc2giOiI5T2FuZkVHR1Blb1g2bkI3RGRTVmxRIiwiaXNzIjoiaHR0cHM6Ly9teWNsdXN0ZXIuaWNwOjk0NDMvb2lkYy9lbmRwb2ludC9PUCIsImF1ZCI6ImM5MmYwOTZjNGNjYTVkYzM0NWIyODk2ZjI3NmNmZjdjIiwiZXhwIjoxNTE5ODUyNzI4LCJpYXQiOjE1MTk4MDk1Mjh9.K_KswVKnEeHAwNM9rFkrKm1fghP8X7jVIrOUeHbiT9YJ1RBOkDhvDgyHvbA-1sKB287W50v1ViaSMk-hty-7vA5TH_eHmWdNeVFCdJ13jN-Xq9bOn9SWYh5Q2mLsecVSwLGN-mVKDmiz-wkeI05nATlLjQB7l1RS8dl7myWpBOyRN6aXdUPmHHXzUJfWUWU9tuLGu6L5cV28Cj7FTV2ZQDqonss4XK1eDVmRIIV7EnORocaVExtuqR74wuIB3JxPyjURr0at2Hayh8-YqZYzOoDLawzPe9igPJfIJ_KAAGJYP8X71LbTCUEOqUWpxT5mB77kdCAuyAub0J1Th5alNw

kubectl config set-context mycluster.icp-context --user=admin --namespace=default

kubectl config use-context mycluster.icp-context

Now the only thing that had changed was the day/date/time, and also the fact that I'd rebooted the VMs that host the ICP Boot/Worker/Proxy nodes.

However, when I used the same set of credentials, and tried to use another kubectl command: -

kubectl get pods

I saw this: -

error: You must be logged in to the server (Unauthorized)

Now I'd previously obtained the credentials from the ICP GUI: -




However, when I grabbed them afresh today: -

kubectl config set-cluster mycluster.icp --server=https://192.168.1.100:8001 --insecure-skip-tls-verify=true

kubectl config set-context mycluster.icp-context --cluster=mycluster.icp

kubectl config set-credentials admin --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF0X2hhc2giOiI1ZHkwWnJxYXE3dHNPSTBRTEtrcGhnIiwiaXNzIjoiaHR0cHM6Ly9teWNsdXN0ZXIuaWNwOjk0NDMvb2lkYy9lbmRwb2ludC9PUCIsImF1ZCI6ImM5MmYwOTZjNGNjYTVkYzM0NWIyODk2ZjI3NmNmZjdjIiwiZXhwIjoxNTE5OTUzNTQ2LCJpYXQiOjE1MTk5MTAzNDZ9.Eh0gTus1jYSWiIQsgxrWFhiAov19Su91V6uPVjsDbPCTrYC0aCgEXRSpUunSLRrOxoYU8jkAS87FtEt93UrH3gy91j-YGYGC1o2UYVXqtiyTgDzcHvCybzCpnqRZn8pH5Z9yF1G_zwE5_tRMcrrVxcGaBaOr-K7i-4RDAChs-2SdvwoehANJpe9xANdrYQR2LuZZAU4XGTDYgfmUB5E8w0QKTvNKqBU7LkLUA-hvDY8mP4UKXzKsjno4If_0XZB6eUB-iCiD4yEVOpCzzm68-gyUJ5pNOWpQmhWQ2_Ptb5rGx_4h68huRp1M1aTl8kkgmfp3gB-kdscbiscclNTZRw

kubectl config set-context mycluster.icp-context --user=admin --namespace=default

kubectl config use-context mycluster.icp-context

I noticed that the tokenised password had changed: -

Yesterday

kubectl config set-credentials admin --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF0X2hhc2giOiI5T2FuZkVHR1Blb1g2bkI3RGRTVmxRIiwiaXNzIjoiaHR0cHM6Ly9teWNsdXN0ZXIuaWNwOjk0NDMvb2lkYy9lbmRwb2ludC9PUCIsImF1ZCI6ImM5MmYwOTZjNGNjYTVkYzM0NWIyODk2ZjI3NmNmZjdjIiwiZXhwIjoxNTE5ODUyNzI4LCJpYXQiOjE1MTk4MDk1Mjh9.K_KswVKnEeHAwNM9rFkrKm1fghP8X7jVIrOUeHbiT9YJ1RBOkDhvDgyHvbA-1sKB287W50v1ViaSMk-hty-7vA5TH_eHmWdNeVFCdJ13jN-Xq9bOn9SWYh5Q2mLsecVSwLGN-mVKDmiz-wkeI05nATlLjQB7l1RS8dl7myWpBOyRN6aXdUPmHHXzUJfWUWU9tuLGu6L5cV28Cj7FTV2ZQDqonss4XK1eDVmRIIV7EnORocaVExtuqR74wuIB3JxPyjURr0at2Hayh8-YqZYzOoDLawzPe9igPJfIJ_KAAGJYP8X71LbTCUEOqUWpxT5mB77kdCAuyAub0J1Th5alNw

Today

kubectl config set-credentials admin --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF0X2hhc2giOiI1ZHkwWnJxYXE3dHNPSTBRTEtrcGhnIiwiaXNzIjoiaHR0cHM6Ly9teWNsdXN0ZXIuaWNwOjk0NDMvb2lkYy9lbmRwb2ludC9PUCIsImF1ZCI6ImM5MmYwOTZjNGNjYTVkYzM0NWIyODk2ZjI3NmNmZjdjIiwiZXhwIjoxNTE5OTUzNTQ2LCJpYXQiOjE1MTk5MTAzNDZ9.Eh0gTus1jYSWiIQsgxrWFhiAov19Su91V6uPVjsDbPCTrYC0aCgEXRSpUunSLRrOxoYU8jkAS87FtEt93UrH3gy91j-YGYGC1o2UYVXqtiyTgDzcHvCybzCpnqRZn8pH5Z9yF1G_zwE5_tRMcrrVxcGaBaOr-K7i-4RDAChs-2SdvwoehANJpe9xANdrYQR2LuZZAU4XGTDYgfmUB5E8w0QKTvNKqBU7LkLUA-hvDY8mP4UKXzKsjno4If_0XZB6eUB-iCiD4yEVOpCzzm68-gyUJ5pNOWpQmhWQ2_Ptb5rGx_4h68huRp1M1aTl8kkgmfp3gB-kdscbiscclNTZRw

Once I used today's set, things just worked :-)

kubectl get pods

No resources found.

kubectl get services

NAME                                          TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
davehaydp-ibm-datapower-dev-699677858-mskvb   LoadBalancer   10.0.0.59    <pending>     9090:31059/TCP   23h
kubernetes                                    ClusterIP      10.0.0.1     <none>        443/TCP          1d

etc.

Nice :-)

No comments: