Minikube unable to find apiserver.authentication-token-webhook-config-file #9430

Closed
salrashid123 opened this issue Oct 9, 2020 · 5 comments
Labels
kind/support Categorizes issue or PR as a support question. triage/needs-information Indicates an issue needs more information in order to work on it.

Comments

@salrashid123

Minikube api server doesn't find a mounted config file for external authentication and authorization server.

I'm trying to update a sample about external webhook au/az but even if I mount files into the minikube, the api server can't find those files.

I can update the files but to repro, use authn.yaml and authz.yaml plus certificates

in a local folder

$ tree
.
└── webhook
    ├── authn.yaml
    ├── authz.yaml
    ├── webhook_ca.crt
    ├── webhook_plugin.crt
    └── webhook_plugin.key

then start minikube

$ minikube start  \
      --driver=docker \
      --mount  \
      --mount-string=`pwd`/webhook:/webhook \
      --extra-config apiserver.authentication-token-webhook-config-file=/webhook/authn.yaml \
      --extra-config apiserver.authorization-mode=Webhook \
      --extra-config apiserver.authorization-webhook-config-file=/webhook/authz.yaml

i can confirm the files are mounted into minikube

root@minikube:/webhook# ls -lart
total 32
-rw------- 1 80447 89939 1675 Sep 26 13:30 webhook_plugin.key
-rw-r--r-- 1 80447 89939 1517 Sep 26 13:30 webhook_plugin.crt
-rw-r--r-- 1 80447 89939 4183 Sep 28 13:27 webhook_ca.crt
-rw-r--r-- 1 80447 89939  463 Sep 28 13:28 authz.yaml
-rw-r--r-- 1 80447 89939  466 Sep 28 13:28 authn.yaml

but the api server can't find them

minikube startup: https://gist.github.com/salrashid123/4f1da7cc5310b450e524149f517a8ae8

apiServer logs show:

root@minikube:/var/log/pods/kube-system_kube-apiserver-minikube_5526d1c63d08b5f26414b54efe404b0f/kube-apiserver# cat 5.log
{"log":"Flag --insecure-port has been deprecated, This flag will be removed in a future version.\n","stream":"stderr","time":"2020-10-04T13:23:47.856330447Z"}
{"log":"I1004 13:23:47.856297       1 server.go:625] external host was not specified, using 172.17.0.3\n","stream":"stderr","time":"2020-10-04T13:23:47.856368867Z"}
{"log":"I1004 13:23:47.856506       1 server.go:163] Version: v1.19.2\n","stream":"stderr","time":"2020-10-04T13:23:47.856550587Z"}
{"log":"Error: stat /webhook/authn.yaml: no such file or directory\n","stream":"stderr","time":"2020-10-04T13:23:48.153965006Z"}

just fyi, #8661

@RA489

RA489 commented Oct 14, 2020

/kind support

@k8s-ci-robot k8s-ci-robot added the kind/support Categorizes issue or PR as a support question. label Oct 14, 2020
@mecampbellsoup

The reason is because the kube-apiserver runs as a static pod in its own container, separate from the host. So your file is likely not mounted into the container you need it to be mounted in.

See: #2767 (comment)

@sharifelgamal
Collaborator

@mecampbellsoup is correct here. All mount does here is mount the file into the minikube container itself. If you want to mount the file into your pod, you can use a hostPath volume.

@sharifelgamal sharifelgamal added the triage/needs-information Indicates an issue needs more information in order to work on it. label Mar 3, 2021
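
An added example, not part of the thread and not minikube's own code: a check for the condition the two replies above describe, that a path given to a kube-apiserver `--*-file` flag must sit under a hostPath volume mounted into the apiserver container. The pod spec is a constructed sample supplied as JSON (an assumption; the manifest on a node is YAML), and `unmounted_file_flags` and `with_hostpath` are hypothetical helper names.

```python
import json
import posixpath

# Constructed sample, not taken from the issue: a kube-apiserver pod spec as JSON
# carrying the flags from the `minikube start` command in the report.
SAMPLE_POD = json.loads("""
{"spec": {
  "containers": [{
    "command": [
      "kube-apiserver",
      "--authentication-token-webhook-config-file=/webhook/authn.yaml",
      "--authorization-mode=Webhook",
      "--authorization-webhook-config-file=/webhook/authz.yaml",
      "--client-ca-file=/var/lib/minikube/certs/ca.crt"
    ],
    "volumeMounts": [
      {"name": "k8s-certs", "mountPath": "/var/lib/minikube/certs", "readOnly": true}
    ]
  }],
  "volumes": [{"name": "k8s-certs", "hostPath": {"path": "/var/lib/minikube/certs"}}]
}}
""")

def unmounted_file_flags(pod):
    """Map each --*-file flag to its path when no hostPath-backed mount covers it."""
    host_vols = {v["name"] for v in pod["spec"].get("volumes", []) if "hostPath" in v}
    missing = {}
    for c in pod["spec"]["containers"]:
        mounts = [posixpath.normpath(m["mountPath"])
                  for m in c.get("volumeMounts", []) if m["name"] in host_vols]
        for arg in c.get("command", []) + c.get("args", []):
            flag, sep, value = arg.partition("=")
            if not (sep and flag.endswith("-file") and value.startswith("/")):
                continue
            path = posixpath.normpath(value)
            if not any(path == m or path.startswith(m.rstrip("/") + "/") for m in mounts):
                missing[flag] = value
    return missing

def with_hostpath(pod, name, path):
    """Return a copy of the spec with `path` from the node mounted read-only at `path`."""
    fixed = json.loads(json.dumps(pod))
    fixed["spec"]["volumes"].append({"name": name, "hostPath": {"path": path}})
    fixed["spec"]["containers"][0]["volumeMounts"].append(
        {"name": name, "mountPath": path, "readOnly": True})
    return fixed

if __name__ == "__main__":
    print(unmounted_file_flags(SAMPLE_POD))
    print(unmounted_file_flags(with_hostpath(SAMPLE_POD, "webhook", "/webhook")))
```

The first call reports both `/webhook` flags, matching the `stat /webhook/authn.yaml: no such file or directory` error in the apiserver log; the second reports nothing once the directory is exposed to the container.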
@sharifelgamal
Collaborator

I'm going to go ahead and close this issue. Feel free to reopen if you have further issues or questions.

@salrashid123
Author

thanks for the input (sorry, i didn't get a chance to understand and then try it out). If i figure out how to do this, i'll update the repo i cited here

i'll update this when i get it going,

thx.
