Feat: Run inside a cluster by evaluating incluster config #3088
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background
Assuming you want to execute k9s inside a POD directly inside the Kubernetes cluster you want to manage with k9s, currently you need to create a dedicated kubeconfig file for this.
But if the POD (k9s is running inside) is configured with a ServiceAccount, also the incluster config is available. If the Go client library is used (as k8s does), this is also automatically evaluated.
k9s has the feature to switch contexts. For this internal/client/config.go is doing currently some non standard logic to makes this possible. It assumes that the fields
Clusters,AuthInfos,ContextsandCurrentContextofk8s.io/client-go/tools/clientcmd/api.Confighas always values, which is not the case in case of incluster config; the same applies for mostly all fields ofk8s.io/cli-runtime/genericclioptions/ConfigFlags.Summary of changes
This adjustment detect if all of those fields are empty and creates in this case a kind of mock context to be compatible with the regular behavior of k9s. It is important to note: The Go client library only offers the possibility to either run with a regular kubeconfig file OR incluster config; it cannot both together.
Note on testing
The Go client library evaluates the fixed environment variables
KUBERNETES_SERVICE_HOSTandKUBERNETES_SERVICE_PORT, this is not a problem to set inside tests. But it also evaluates the following files:/var/run/secrets/kubernetes.io/serviceaccount/ca.crt/var/run/secrets/kubernetes.io/serviceaccount/token/var/run/secrets/kubernetes.io/serviceaccount/namespace(in some cases also environment variablePOD_NAMESPACEapplies)... the problem with this files, for regular testing they're located in areas where a regular user cannot write to and tests cannot be executed concurrently - and you cannot changes this location, they are hardcoded. Therefore I've tested everything locally and ensured all the other behaviors (with kubeconfig files) works as before.
User noticeable change
As a consequence, if now k9s is started inside a POD which does have a correct configured ServiceAccount, it works without any configurations.