Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cluster not Reachable when exec Authentication is used #6517

Open
hofq opened this issue Mar 25, 2024 · 1 comment
Open

Cluster not Reachable when exec Authentication is used #6517

hofq opened this issue Mar 25, 2024 · 1 comment
Labels
area/kubernetes ☸️ kind/bug 🐞 Something isn't working

Comments

@hofq
Copy link

hofq commented Mar 25, 2024
edited
Loading

Bug description

For Authentication on Prod we use azure/kubelogin. It seems like it is not compatible to Podman Desktop

Operating system

macos sonoma 14

Installation Method

Brew (macOS)

Version

1.8.0

Steps to reproduce

  • Open Podman Desktop
  • Select AWS Cluster, authenticated with kubelogin from azure or with aws-iam-authenticator
  • Receive Error below

Relevant log output

No response

Additional context

grafik

User Authentication snippet Kubelogin:

user:
- name: azure-user-roc-kubelogin
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - "--environment"
      - AzurePublicCloud
      - "--server-id"
      - <client id>
      - "--client-id"
      - <client id>
      - "--tenant-id"
      - <tenant id>
      command: kubelogin
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

Used Package for auth:
https://github.com/Azure/kubelogin

User Authentication snippet Kubelogin:

- name: user-1.eksctl.io
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - token
      - "-i"
      - roc-prod
      command: aws-iam-authenticator
      env:
      - name: AWS_STS_REGIONAL_ENDPOINTS
        value: regional
      - name: AWS_DEFAULT_REGION
        value: eu-central-1
      interactiveMode: IfAvailable
      provideClusterInfo: false
@hofq hofq added the kind/bug 🐞 Something isn't working label Mar 25, 2024
@hofq hofq changed the title Cluster not Reachable when Azure/Kubelogin is used Cluster not Reachable when exec Authentication is used Mar 25, 2024
@kwkelly
Copy link

kwkelly commented May 3, 2024
edited
Loading

I get the same error using exec authentication with aws.

I suspect this has to do with the availability (or lack thereof) of the command for the exec in the path.

I have the aws command installed at /usr/local/bin/aws, and if I start podman desktop and omit /usr/local/bin from the PATH (e.g. PATH=/usr/bin open /Applications/Podman\ Desktop.app/), I get the TypeError: Cannot read properties of null (reading 'toString')) error.

On the other hand, if I make sure that authentication command is available in my path (e.g. PATH=/usr/local/bin:/usr/bin open /Applications/Podman\ Desktop.app/), it works just fine.

So in your kube config file, you can add the path where the command is installed as part of the env config.

env:
   - name: PATH
     value: $PATH:/usr/local/bin

you'll have to do this for each user/context. You could also add the command to one of your global paths (on macos those that are in /etc/paths)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/kubernetes ☸️ kind/bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kwkelly @lstocchi @hofq @podman-desktop-bot