Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Kubernetes username/password auth #2308

Merged
merged 1 commit into from
Feb 6, 2020
Merged

Add support for Kubernetes username/password auth #2308

merged 1 commit into from
Feb 6, 2020

Conversation

simonferquel
Copy link
Contributor

- What I did
Added support for username/password Kubernetes authentication. The main motivation being to support k3s Kubernetes distributions.

- How I did it
Don't discard username/password fields when loading a kubeconfig file

- How to verify it
The PR comes with a unit test (same style as gke and eks test cases)

- Description for the changelog

  • Docker stack --orchestrator=kubernetes support now support username/password Kubernetes authentication (adding support for k3s)

@simonferquel
Add support for Kubernetes username/password auth
17e651d 
This is required for supporting some Kubernetes distributions such as
rancher/k3s.

It comes with a test case validating correct parsing of a k3s kubeconfig
file

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
thaJeztah
thaJeztah approved these changes Feb 4, 2020
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

not a big fan of the plain username/password storing, but I guess that's something on the kubernetes side (and I can see it come in handy for simple setups / local development)

cli/context/kubernetes/save.go
@@ -39,6 +39,13 @@ func FromKubeConfig(kubeconfig, kubeContext, namespaceOverride string) (Endpoint
Key: key,
}
}
var usernamePassword *UsernamePassword
if clientcfg.Username != "" || clientcfg.Password != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need the check here? Of both are empty, we'll just set an empty string (which is the default for strings)

oh, nevermind; you created a pointer so that we don't set the UsernamePassword field if we don't use it

cli/context/kubernetes/load.go
@@ -21,6 +21,13 @@ type EndpointMeta struct {
DefaultNamespace string `json:",omitempty"`
AuthProvider *clientcmdapi.AuthProviderConfig `json:",omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious; what's AuthProvider used for; is username/password not some form of that? (looking at https://github.com/kubernetes/client-go/blob/master/tools/clientcmd/api/types.go#L153-L177 it also has some sanitisation built in, so was wondering)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AuthProvider is for authentication plugins (such as GKE authentication plugin). They allow to put arbitrary json in the kubeconfig file and feed the plugin with that so that it can setup the rest.Client accordingly. It is not related to the basic auth scheme.

@simonferquel
Copy link
Contributor Author

@silvin-lubecki would probably want to have a look as well.

silvin-lubecki
silvin-lubecki approved these changes Feb 6, 2020
View reviewed changes
Copy link
Contributor

@silvin-lubecki silvin-lubecki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @simonferquel !

@silvin-lubecki silvin-lubecki mentioned this pull request Feb 6, 2020
Closed
@silvin-lubecki silvin-lubecki merged commit 2dcd4d3 into docker:master Feb 6, 2020
@thaJeztah thaJeztah added this to the next milestone Feb 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@silvin-lubecki silvin-lubecki silvin-lubecki approved these changes

Assignees
No one assigned
Labels
area/context area/kubernetes impact/changelog kind/enhancement status/2-code-review
Projects
None yet
Milestone
20.10.0
Development

Successfully merging this pull request may close these issues.
4 participants
@simonferquel @thaJeztah @silvin-lubecki @GordonTheTurtle