Set --requestheader-client-ca-file flag

Rancher 2.0 Tech Preview
1

Hi, i am trying to get Stash from Appscode up and running on Rancher 2 (RKE). But it requires a flag on the apiserver:
Set --requestheader-client-ca-file flag on Kubernetes apiserver

Is it possible to add this on a running cluster?, or do i need to delete it, and create a new.
In either way, how would i set this flag?

2

I am having the same problem enabling aggregation layer in kubernetes with Rancher 2.0? We need to setup additional flags on the kube-apiserver. Can someone please help?

3

I think you can do this via the extra_args config option:

4

Hi @cjellick,

Thank you. Have you any idea how i add the extra_args config option, if i have created the cluster using the EC2 template on rancher 2 UI.

Alternatively if i am to create the cluster again then how do i add this option through the UI.

Or is there any other way

5

Shoot, I didn’t realize you were using RKE through the Rancher UI. I don’t think we expose that option. RKE is not my area of expertise. I’ll follow up with someone that has more expertise in the area or have them foillow up here.

6

Spoke with someone more knowledgeable. The ability to set this is in our API but not in the UI. The easiest thing to do is to create the cluster through the UI and then edit it in the API UI afterwards (once created, on the page that lists clusters, you should see three vertical dots that you can click on to open the cluster in the API).

We still need to figure out the UX around exposing all the knobs and levers available for setting up kubernetes. It would be quite overwhelming to users if not presented properly.

7

@Kusan_Atukorala i just got around to looking into it, it took me a little time to figure it out, so if you havn’t gotten it to work, here is what i did.

As @cjellick said, click “View in API” when clicking the 3 “dots” on the cluster.

When the API opens, click “Edit” in the side bar.

There are 3 text areas amazonElasticContainerServiceConfig, azureKubernetesServiceConfig, googleKubernetesEngineConfig these needs to be set to null

After this go to the rancherKubernetesEngineConfig field in the bottom, and edit the JSON (Keep your tung in your mouth :smiley: ) update kubeApi and add e.g.: {“extraArgs”:{“foo”:“bar”} this will set –foo=bar on the kubeapi after this show request, and send, then it should update the cluster and work.

You can verify it by e.g. SSH into the master server and run:

  1. docker exec -ti kubelet bash
  2. ps faux | grep kubelet
    To see the kube-api arguments

Feel free to poke me if you can’t get it to work i am jonas on Slack if that’s easier :slight_smile:

8

@jonas thanks for circling back and following up with explicit steps!