issues with Bearer Token under Kuberenetes

pmorie / osb-starter-pack

A quickstart for making a new Open Service Broker

Apache License 2.0

69 stars 47 forks source link

issues with Bearer Token under Kuberenetes #95

Closed jboyd01 closed 6 years ago

jboyd01 commented 6 years ago

While rebasing https://github.com/pmorie/osb-starter-pack/pull/92 I hit several issues:

even with authenticate set to false, we still include the new authInfo in the broker.yaml - I think the chart needs to conditionally include this
in my deployment, it appears the secret name is off. I believe helm created the secret we want by the name "broker-skeleton-broker-skeleton-service-token-p59vc" but the yaml is specifying {"namespace":"broker-skeleton","name":"broker-skeleton-broker-skeleton"}
charts/servicebroker/templates/broker-service-account.yaml looks to need "apiGroup: rbac.authorization.k8s.io" under the newly added roleRef in broker-service-account.yaml

shawn-hurley commented 6 years ago

Hey Jay,

Wondering if you can give me some more debug steps? I tested w/ minikube and both authenticate: true and false worked as of last time I tried.

re-attempting now but some more steps would be helpful :)

jboyd01 commented 6 years ago

No kidding. I'm working with local-up-cluster.

What happens if you set it to false and delete the cert? I believe from what I saw in the logs the Broker will return the authInfo structure still and the catalog controller sees it and attempts to load the secret etc. In my case the secret didn't exist/couldn't be found and it error-ed out even when authenticate was set to false.

I don't think any of this is specific to my PR, but this testing was on my helm-ssl branch. I don't use minikube much, usually just local-up-cluster. I'll make some time to retry with minikube.

I'm at a loss on the secret name differences... If you can't reproduce I'll run through this again.

shawn-hurley commented 6 years ago

This is what I am seeing:

==> MISSING
KIND       NAME
secrets    broker-skeleton-broker-skeleton

Does anyone know why a resource that is created may be missing?

lilic commented 6 years ago

Maybe it's in a wrong namespace?

pmorie commented 6 years ago

I don't think the chart was ever moved away from the 'broker-skeleton' naming, which we should probably fix.

On Fri, Apr 27, 2018 at 9:56 AM, Lili Cosic notifications@github.com wrote:

Maybe it's in a wrong namespace?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/pmorie/osb-starter-pack/issues/95#issuecomment-384977485, or mute the thread https://github.com/notifications/unsubscribe-auth/AAWXmCqeIeYHCB8M3pb6ltQFHf7uQvw7ks5tsyN0gaJpZM4TgJtP .

jboyd01 commented 6 years ago

This is actually fixed. Shawn came up with the solution ( use post install hook for creating broker ("helm.sh/hook": post-install)) and its included in https://github.com/pmorie/osb-starter-pack/pull/92 which is ready to be merged.