Make in-cluster configuration easy #395

Open
cben opened this issue Feb 24, 2019 · 3 comments


cben commented Feb 24, 2019

Splitting from discussion in #394:

Tangentially, I would suggest that we configure this to "just work" inside a Kubernetes cluster. That is, detect and implement the code in the README section "Inside a Kubernetes Cluster" when no other authorization is provided.


That sounds like a good idea. Looking at how client-go implements rest.InClusterConfig, looks like we can just lift that wholesale. In fact, that's pretty much what I've seen most apps doing (unsurprisingly).

I think adding the in-cluster ability as a new method on Kubeclient::Config should be sufficient, and we'll leave the responsibility of calling the appropriate method to the caller (since sometimes clients are run in-cluster, but with a mounted kubeconfig to speak with other clusters). This has the nice benefit of mirroring the conventions of the client-go package as well.


For reference see also our gem that implements this (in ruby): https://github.com/keylimetoolbox/resque-kubernetes/blob/v2.0.0/lib/resque/kubernetes/context/well_known.rb

And yes, we should do this as a last resort. If there's a provided configuration use that; if not, check for GCP; final step is to check for in-cluster.


cben commented Feb 24, 2019

BTW, there is a small discrepancy between what k8s documents and what client-go does, related to rare issue kubernetes/kubernetes#40973 where the env vars are not always set. See previous discussion on #316.


cben commented May 1, 2019

I think it'll make sense to extract config & auth parts from kubeclient + https://github.com/kubernetes-client/ruby/ into a new gem and make both projects use it.
They already have an InClusterConfig class, a Kubernetes.load_incluster_config helper, and default logic in https://github.com/kubernetes-client/ruby/blob/master/kubernetes/src/kubernetes/loader.rb that tries:

  1. $KUBECONFIG, if file exists
  2. ~/.kube/config, if file exists
  3. InClusterConfig.in_cluster?


cben commented Aug 7, 2019

Kubernetes plans to change service account tokens to short-lived: kubernetes/kubernetes#70679
Thus even simple in-cluster config will require on-the-fly auth updates (#393)
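
As an added example (not code from kubeclient, client-go or kubernetes-client/ruby), here is one way to express the lookup order discussed in this thread in plain Ruby: $KUBECONFIG, then ~/.kube/config, then in-cluster detection, with the token re-read on every use so short-lived service account tokens keep working. The `ConfigResolver` module and its method names are hypothetical; the service account mount path and the `https://kubernetes.default.svc` fallback for unset env vars are assumptions based on the standard pod layout, and failing closed on a missing `ca.crt` is this example's own choice.

```ruby
# Added example; ConfigResolver and its methods are hypothetical names.
module ConfigResolver
  # Assumed standard service account mount inside a pod.
  SA_DIR = '/var/run/secrets/kubernetes.io/serviceaccount'

  # env, home and sa_dir are injectable so the logic can be run outside a pod.
  # Returns nil when no configuration source is found.
  def self.resolve(env: ENV, home: Dir.home, sa_dir: SA_DIR)
    kubeconfig = env['KUBECONFIG']
    if kubeconfig && !kubeconfig.empty? && File.file?(kubeconfig)
      return { source: :kubeconfig_env, path: kubeconfig }
    end
    default = File.join(home, '.kube', 'config')
    return { source: :kubeconfig_home, path: default } if File.file?(default)

    in_cluster(env, sa_dir)
  end

  def self.in_cluster(env, sa_dir)
    token = File.join(sa_dir, 'token')
    ca = File.join(sa_dir, 'ca.crt')
    return nil unless File.file?(token)
    # Fail closed: never build a config that would need TLS verification off.
    raise "missing cluster CA at #{ca}" unless File.file?(ca)

    host = env['KUBERNETES_SERVICE_HOST']
    port = env['KUBERNETES_SERVICE_PORT']
    url = if host.to_s.empty? || port.to_s.empty?
            # Env vars are not always set; fall back to the cluster DNS name.
            'https://kubernetes.default.svc'
          else
            host = "[#{host}]" if host.include?(':') # bracket IPv6 literals
            "https://#{host}:#{port}"
          end
    # Hand out the token as a path plus a reader that hits the file on every
    # call, so a rotated (short-lived) token is picked up without a restart.
    { source: :in_cluster, url: url, ca_file: ca, bearer_token_file: token,
      token_reader: -> { File.read(token).strip } }
  end
end
```

A caller that caches the token string instead of calling `token_reader` (or passing the file path) will start getting 401s once the mounted token rotates.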
