Cannot set admin user credentials via helm chart values.yaml #270

Open
heytrav opened this issue Dec 13, 2024 · 1 comment

heytrav commented Dec 13, 2024

What happened?

I'm trying to bootstrap vcluster-platform using the helm chart. I'm passing the following in my values.yaml:

admin:
  create: true
  username: someuser
  password: somepassword

What did you expect to happen?

Expect to be able to log into my vcluster UI using the login username and password that I added in values.

How can we reproduce it (as minimally and precisely as possible)?

helm repo add loft-sh https://charts.loft.sh
helm template vcluster loft-sh/vcluster-platform --set admin.username=bob --set admin.create=true --set admin.password=test

I would expect to see something in the template to indicate that the admin values are being passed to the cluster, and yet the only Secret looks no different without the additional arguments.

Generated template

---
# Source: vcluster-platform/templates/pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: loft
  labels:
    app: loft
    release: vcluster
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: loft
      release: vcluster
---
# Source: vcluster-platform/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: loft
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
---
# Source: vcluster-platform/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: loft-manager-config
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
  annotations:
    loft.sh/version: 4.1.1
data:
  config: YXVkaXQ6CiAgZW5hYmxlZDogdHJ1ZQ==
---
# Source: vcluster-platform/templates/rbac/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: loft-management-admin
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
subjects:
- kind: ServiceAccount
  name: loft
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# Source: vcluster-platform/templates/apiservice.yaml
apiVersion: v1
kind: Service
metadata:
  name: loft-apiservice
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
spec:
  ports:
    - name: apiservice
      port: 443
      targetPort: 8443
      protocol: TCP
  selector:
    app: loft
    release: vcluster
---
# Source: vcluster-platform/templates/apiservice.yaml
apiVersion: v1
kind: Service
metadata:
  name: loft-apiservice-agent
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
spec:
  ports:
    - name: apiservice
      port: 443
      targetPort: 9444
      protocol: TCP
  selector:
    app: loft
    release: vcluster
---
# Source: vcluster-platform/templates/ingress-wakeup-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: loft-ingress-wakeup-agent
  namespace: default
  labels:
    app: loft
    loft.sh/service: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
spec:
  type: ClusterIP
  ports:
    - name: http-wakeup
      port: 9090
      targetPort: 9090
      protocol: TCP
  selector:
    app: loft
    release: vcluster
---
# Source: vcluster-platform/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: loft
  namespace: default
  labels:
    app: loft
    loft.sh/service: loft
    chart: "vcluster-platform"
    release: "vcluster"
    heritage: "Helm"
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 8080
      nodePort: 
      protocol: TCP
    - name: https
      port: 443
      targetPort: 10443
      nodePort: 
      protocol: TCP
  selector:
    app: loft
    release: vcluster
---
# Source: vcluster-platform/templates/webhook.yaml
apiVersion: v1
kind: Service
metadata:
  name: loft-webhook-agent
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: 9443
      protocol: TCP
  selector:
    app: loft
    release: vcluster
---
# Source: vcluster-platform/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: loft
  namespace: default
  labels:
    app: loft
    chart: "vcluster-platform-4.1.1"
    release: "vcluster"
    heritage: "Helm"
spec:
  selector:
    matchLabels:
      app: loft
      release: vcluster
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: loft
        release: vcluster
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: loft
      volumes:
        - name: loft-data
          emptyDir: {}
      containers:
      - name: manager
        image: ghcr.io/loft-sh/vcluster-platform:4.1.1
        ports:
          - name: http
            containerPort: 8080
          - name: https
            containerPort: 10443
          - name: https-webhook
            containerPort: 9443
          - name: http-wakeup
            containerPort: 9090
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          failureThreshold: 30
          initialDelaySeconds: 5
          periodSeconds: 5
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
          failureThreshold: 30
          initialDelaySeconds: 5
          periodSeconds: 5
        env:
        - name: ADMIN_EMAIL
          value: 
        - name: CHART_VERSION
          value: 4.1.1
        - name: ADMIN_PASSWORD_HASH
          value: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
        - name: LOFT_LOG_ENCODING
          value: console
        - name: LOFT_LOG_LEVEL
          value: info
        volumeMounts:
          - mountPath: /var/lib/loft
            name: loft-data
        resources:
          limits:
            cpu: "2"
            memory: 4Gi
          requests:
            cpu: 200m
            memory: 256Mi
        securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            
            privileged: false
            runAsNonRoot: true
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: eks.amazonaws.com/capacityType
                operator: NotIn
                values:
                - SPOT
              - key: kubernetes.azure.com/scalesetpriority
                operator: NotIn
                values:
                - spot
              - key: cloud.google.com/gke-provisioning
                operator: NotIn
                values:
                - spot
            weight: 1
      securityContext:
        {}
---
# Source: vcluster-platform/templates/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1.management.loft.sh
spec:
  version: v1
  versionPriority: 1000
  group: management.loft.sh
  groupPriorityMinimum: 10000
  service:
    name: loft-apiservice
    namespace: default

Anything else we need to know?

If I try and use the default username "admin" I see this message in the UI

Error: Secret "loft-user-secret-admin" not found (NotFound)

However if I try to use the admin password I actually provided in the helm values I get

Error: wrong username or password (BadRequest)

It just seems to completely ignore what I am providing.

Host cluster Kubernetes version

$ kubectl version
1.31

vcluster version

$ vcluster --version
# paste output here

VCluster Config

 config:
   loftHost: somehost.vcluster.com
 ingress:
   enabled: true
   ingressClass: xxxx
   host:  somehost.vcluster.com
   tls:
     enabled: true
     secret: vcluster-tls
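
One way to check whether `admin.password` shows up in rendered chart output, as an added example (not code from the issue or from the chart): it decodes the Secret's `config` key and compares the Deployment's `ADMIN_PASSWORD_HASH` with the SHA-256 hex digest of a candidate password. The manifest is a trimmed excerpt of the output quoted above; that the value is an unsalted SHA-256 digest is an assumption the script tests, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Trimmed excerpt of the `helm template` output quoted in the issue (chart 4.1.1).
RENDERED = '''\
# Source: vcluster-platform/templates/secret.yaml
kind: Secret
metadata:
  name: loft-manager-config
data:
  config: YXVkaXQ6CiAgZW5hYmxlZDogdHJ1ZQ==
---
# Source: vcluster-platform/templates/deployment.yaml
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: manager
        env:
        - name: ADMIN_EMAIL
          value:
        - name: ADMIN_PASSWORD_HASH
          value: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
'''


def secret_config(rendered: str) -> str:
    """Base64-decode the `config` key of the rendered Secret."""
    m = re.search(r"^\s*config:\s*(\S+)\s*$", rendered, re.MULTILINE)
    return base64.b64decode(m.group(1)).decode() if m else ""


def env_value(rendered: str, name: str):
    """Literal value of a container env var; None if absent or empty."""
    pat = rf'^\s*- name: {re.escape(name)}\s*\n\s*value:[ \t]*"?([^"\n]*)"?[ \t]*$'
    m = re.search(pat, rendered, re.MULTILINE)
    return (m.group(1).strip() or None) if m else None


def password_is_rendered(rendered: str, password: str) -> bool:
    """Assumption under test: the hash is an unsalted SHA-256 hex digest."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return env_value(rendered, "ADMIN_PASSWORD_HASH") == digest


if __name__ == "__main__":
    print(repr(secret_config(RENDERED)), password_is_rendered(RENDERED, "test"))
```

On this excerpt the digest equals the SHA-256 of `test`, the password passed in the reproduction command, while the Secret's `config` decodes to only an `audit` setting. A digest in the pod spec is readable by anyone who can read the Deployment, so scope that access as you would a Secret.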

Rajakavitha1 commented Dec 31, 2024

Hi @heytrav
Could you please try this and let me know what the result is:

admin:
  create: true
  username: admin
  password: "my-password"

My understanding is that the username should be the default admin as it is listed here: https://github.com/loft-sh/loft/blob/master/chart/values.yaml
