This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

Remove OIDC warning message #385

Open
dansible opened this issue Oct 15, 2020 · 10 comments · May be fixed by #490
Labels: lifecycle/rotten (Nobody worked on this for 12 months, final aging stage)

Comments

@dansible (Contributor)

The warning message we receive from gardenctl when using a kubeconfig with an exec arg (for OIDC) can be confusing and is not needed. GKE/EKS, and many other K8s platforms rely on similar kubeconfigs using an exec argument and do not display such warnings. Can we remove the OIDC warning message when using a kubeconfig with an exec arg?

@neo-liang-sap (Contributor) commented Oct 15, 2020

Hi @dansible, this warning message is required by dev, especially from a security perspective, and was introduced in PR #221; you can see more discussion in #221 (comment)

Some background:

  1. the original gardenctl doesn't allow a kubeconfig that contains exec
  2. with OIDC enabled, we have to accept exec in kubeconfigs used by gardenctl
  3. as a warning message / from a security perspective this warning message was introduced; the aim is to warn users that they use kubeconfigs which contain exec (might be malicious code) at their own risk

Thanks.
-Neo

@petersutter (Contributor)

see also https://banzaicloud.com/blog/kubeconfig-security/

@dansible (Contributor, Author)

Yes, I understand the issue and the background for it, however, constantly producing warnings whenever using an OIDC kubeconfig is distracting and can also be confusing. When we look at other platforms like GKE or EKS, they both use executable kubeconfigs but don't produce any such warnings. kubectl itself also doesn't provide any warnings when using these kubeconfigs. It should be the responsibility of the user to verify that their kubeconfig is valid. I don't think gardenctl needs to warn them every time a kubeconfig with an exec key is used, especially if it's for a valid setup like OIDC using kube-login

@tedteng (Contributor) commented Oct 29, 2020

I have one feasible solution (only on Mac). What about adding one method at the beginning of ValidateClientConfig that displays the full Warning message when the function is invoked, then gives the user an option asking whether the Warning message needs to be displayed all the time, or dismissed for 3 days?

If yes, create one tmp file under the local /tmp folder for checking. The Warning message will be skipped if the tmp file exists.

By default, files that aren't accessed in three days are deleted from /tmp on a Mac. https://developer.apple.com/forums/thread/71382

In this way, we can remove the OIDC warning message intermittently and also noticed msg with the user regularly as well.
@dansible @petersutter WDYT?

https://github.com/gardener/gardenctl/blob/c35fdeb85e3b4a76f1124f8b43c61fae4a5296c5/pkg/cmd/utils.go#L176-L178

@petersutter (Contributor) commented Oct 29, 2020

If the user confirms that the kubeconfig is safe, you could create a hash of the kubeconfig and update the garden config. As long as the hash of the kubeconfig stays the same, you do not need to bother the user to check it again.

```yaml
gardenClusters:
  - kubeConfig: path/to/kubeconfig/kubeconfig.yaml
    kubeConfigTrusted: 71245e04e13fd02f5be10caba8df445a6035af10e4c13a663ed4fc13255d75df
    name: dev-virtual
```
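The trust-on-first-use flow proposed in the comment above, as an added example that is not gardenctl's own code. The struct and field names (GardenCluster, KubeConfigTrusted), the Decision type and the two sample kubeconfigs are assumptions constructed for this illustration; ContainsExec is a simplified line scan, whereas gardenctl would load the file through client-go's clientcmd and inspect the AuthInfo exec section. The hash is SHA-256 over the raw file bytes, so any change to the kubeconfig, including the exec command, invalidates the stored approval:

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// GardenCluster mirrors the gardenClusters entry sketched above: the kubeconfig
// path plus the hex SHA-256 of the content the user approved once (empty until
// then). Field names are assumptions for this example.
type GardenCluster struct {
	Name              string
	KubeConfig        string
	KubeConfigTrusted string
}

// Decision is the outcome of checking one kubeconfig against the stored hash.
type Decision int

const (
	NoExecNoWarning Decision = iota // no exec plugin in the kubeconfig: nothing to warn about
	TrustedSilently                 // exec plugin present, content matches the approved hash
	WarnUntrusted                   // exec plugin present, no hash stored or content changed
)

func (d Decision) String() string {
	return [...]string{"NoExecNoWarning", "TrustedSilently", "WarnUntrusted"}[d]
}

// KubeconfigHash returns the lowercase hex SHA-256 of the raw kubeconfig bytes.
func KubeconfigHash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// ContainsExec is a deliberately simple scan for an "exec:" mapping key.
// Real code would parse the kubeconfig and check the user's exec section.
func ContainsExec(data []byte) bool {
	for _, line := range strings.Split(string(data), "\n") {
		if strings.TrimSpace(line) == "exec:" {
			return true
		}
	}
	return false
}

// CheckTrust decides whether to stay silent or warn, and returns the current
// hash so the caller can persist it once the user confirms the file is safe.
func CheckTrust(cluster GardenCluster, kubeconfig []byte) (Decision, string) {
	if !ContainsExec(kubeconfig) {
		return NoExecNoWarning, ""
	}
	current := KubeconfigHash(kubeconfig)
	if cluster.KubeConfigTrusted != "" && cluster.KubeConfigTrusted == current {
		return TrustedSilently, current
	}
	return WarnUntrusted, current
}

// Approve records the hash of the kubeconfig the user has just confirmed as safe.
func Approve(cluster *GardenCluster, kubeconfig []byte) string {
	cluster.KubeConfigTrusted = KubeconfigHash(kubeconfig)
	return cluster.KubeConfigTrusted
}

// Constructed sample kubeconfigs (not real cluster data): one with a
// kubelogin-style exec plugin, one with a static token and no exec.
const ExecKubeconfig = `apiVersion: v1
kind: Config
users:
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
`

const TokenKubeconfig = `apiVersion: v1
kind: Config
users:
- name: static
  user:
    token: constructed-example-token
`

func main() {
	cluster := GardenCluster{Name: "dev-virtual", KubeConfig: "path/to/kubeconfig/kubeconfig.yaml"}
	data := []byte(ExecKubeconfig)

	d, h := CheckTrust(cluster, data)
	fmt.Println("first use:", d, h) // WarnUntrusted: prompt the user once

	Approve(&cluster, data) // user confirmed the kubeconfig is safe
	d, _ = CheckTrust(cluster, data)
	fmt.Println("after approval:", d) // TrustedSilently: no warning

	// Constructed modification: the exec command was swapped for another binary.
	tampered := []byte(strings.Replace(ExecKubeconfig, "command: kubectl", "command: /tmp/not-kubectl", 1))
	d, _ = CheckTrust(cluster, tampered)
	fmt.Println("after modification:", d) // WarnUntrusted: hash no longer matches
}
```

One caveat a practitioner would want stated: the hash pins only the kubeconfig text. With `command: kubectl` the plugin binary is resolved from PATH at run time, so a replaced or updated binary is invisible to this check; the scheme removes the repeated nag while keeping a one-time review, it does not attest the plugin itself.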

@tedteng tedteng self-assigned this Nov 9, 2020
@tedteng (Contributor) commented Nov 24, 2020

PR in ops-guide # 175 generates the garden config file with the kubeconfig md5 when the initial script is executed

@gardener-robot

@tedteng You have mentioned internal references in the public. Please check.

@tedteng (Contributor) commented Dec 2, 2020

As discussed in a planning meeting yesterday, planning to add the backup config logic first

@tedteng (Contributor) commented Dec 8, 2020

  • add new logic to back up the config file first locally to ~/.garden/config.bak
  • able to handle comments when initializing TrustedKubeConfigMd5 if the config contains comments

[image attachment]

@tedteng tedteng linked a pull request Dec 9, 2020 that will close this issue
@tedteng (Contributor) commented Mar 24, 2021

Due to the code freeze, this feature has been enabled from the internal version in Ticket 18.

@gardener-robot gardener-robot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Sep 22, 2021
@gardener-robot gardener-robot added lifecycle/rotten Nobody worked on this for 12 months (final aging stage) and removed lifecycle/stale Nobody worked on this for 6 months (will further age) labels Mar 24, 2022

5 participants