Create a service account and token for use in ~/.kube/config

[kke]

Fixes #1454

Create a pharos-admin service account and sa token and use those instead of the client certificate in the kubeconfig created into ~/.kube/config during pharos up.

Instead of copying the /etc/kubernetes/admin.conf, a new config is built from scratch.

[jakolehm]

Still missing this: https://github.com/kontena/pharos-cluster/blob/master/lib/pharos/phases/configure_master.rb#L57

[kke]

If we want to update the ~/.kube/config on master, then I guess the service account should be made during pharos up instead of pharos kubeconfig?

Should it be in the /etc/kubernetes/admin.conf also?

[jakolehm]

If we want to update the ~/.kube/config on master, then I guess the service account should be made during pharos up instead of pharos kubeconfig?

Yes.

Should it be in the /etc/kubernetes/admin.conf also?

Maybe yes. @jnummelin wdyt?

[kke]

Moved to ConfigureServiceAccount phase.

Still needs some specs, though most of it would be expect(transport).to receive(:exec!).with('xyz').

[jakolehm]

We are using kubectl here because client is not yet configured?

[kke]

I added that just to validate that kubectl without sudo on master works without KUBECONFIG= or --kubeconfig=.

The next phase actually probably should be changed to use the file from home instead of /etc/kubernetes

[jakolehm]

IMO we don't need sudo for kubectl.

[jakolehm]

Ok, maybe we need because this points to root readable kubeconfig?

[kke]

error: Error loading config file "/etc/kubernetes/admin.conf": open /etc/kubernetes/admin.conf: permission denied

[kke]

Any idea why the validation fails on drone? Works fine on my vagrant.

3645 | [1459-do-master-0] [ERROR] + kubectl get -n kube-system serviceaccount/pharos-admin
3646 | [1459-do-master-0] [ERROR] Unable to connect to the server: Forbidden
3647 | [1459-do-master-0] [WARN] Retrying after 2 seconds (#107) ...