Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-70416] Ensure auto-configure is disabled when auth is provided #1337

Merged
merged 3 commits into from Mar 22, 2023
Merged

[JENKINS-70416] Ensure auto-configure is disabled when auth is provided #1337

merged 3 commits into from Mar 22, 2023

Conversation

Dohbedoh
Copy link
Contributor

@Dohbedoh Dohbedoh commented Mar 17, 2023
edited

JENKINS-70416

Whenever authentication is provided in the Kubernetes plugin, we do not want to be impacted by the automatic Config refresh mechanism (like the token refresh for example) of the fabric8/kubernetes-client: https://github.com/fabric8io/kubernetes-client/blob/v6.4.1/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java#L637-L651. We might however still want to use the autoconfigure when initializing the ConfigBuilder object if configuring a Kubernetes Cloud in the same cluster but in a different namespace or with a different auth.

Fix the token refresh problem in a multi-namespaced / same cluster scenario. Where different serviceaccount (with token) are used in other namespaces and a Secret Text credentials is used to connect to those other namespaces. In such a scenario, you do not need to provide the Kubernetes URL and the CA Certificate that can be inferred from the environment.

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@Dohbedoh Dohbedoh requested a review from a team as a code owner March 17, 2023 05:19
@Vlatombe Vlatombe added the bug Bug Fixes label Mar 22, 2023
@Vlatombe Vlatombe merged commit adce992 into jenkinsci:master Mar 22, 2023
5 checks passed
@Dohbedoh Dohbedoh deleted the JENKINS-70416 branch March 23, 2023 00:02
@o4rz3l
Copy link

o4rz3l commented Jun 27, 2023
edited

Hi,
i'm not sure whether this is related, but using the plugin version 3937.vd7b_82db_e347b_ together with Openshift 4.10.45, we get an error "Caused by: java.io.IOException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" while using "Secret Text" Kubernetes Token as Credential.

Using "none" as credential restores functionality.
We can see, that the autoconfigure is not used in the "fine" log, while it is used without credentials.

Is it possible, that there is a relation?
Best regards!
FYI @Dohbedoh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vlatombe Vlatombe Vlatombe approved these changes

Assignees
No one assigned
Labels
bug Bug Fixes
Projects
None yet
Milestone
No milestone
3 participants
@Dohbedoh @o4rz3l @Vlatombe