New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-49817] Support kubeconfig from secretFile credentials #294

Merged
merged 3 commits into from Mar 20, 2018

Conversation

Projects
None yet
2 participants
@colemickens

colemickens commented Mar 13, 2018

Note: this is a WIP because it is blocked by this PR on the fabric8 kubernetes-client: config: support loading from kubeconfig string.

* Updates to the 3.x version of the kubernetes-client package

  • Supports kubeconfig files (secretFile credentails) as cluster credentials

I have (minimally) tested it, however. Sending it now so people can take a look. I'll update the title when it's no longer blocked.

This is my preferred way of handling all credentials for kubernetes clusters, whenever the credentials are "portable" and sealed. For example, when producing limiting service accounts in remote namespaces and then generating kubeconfigs for them.

Fixes: JENKINS-49817

@colemickens

This comment has been minimized.

colemickens commented Mar 13, 2018

The code was merged in kubernetes-client. Just need to wait for a release and then I'll update this PR.

@carlossg

This comment has been minimized.

carlossg commented Mar 13, 2018

so this depends on #271

@colemickens

This comment has been minimized.

colemickens commented Mar 13, 2018

Great! I hadn't seen that you'd sent a PR for that already. I had patched up any other API breakages myself in this PR as well.

Is there anything I can do to help with #271 in this case? Never mind, I see you're waiting on a release as well.

@colemickens

This comment has been minimized.

colemickens commented Mar 16, 2018

Hello @carlossg. The fabric8 folks have released 3.1.10. I have updated this PR to consume this package.

mvn clean install is working, all tests are passing.

@colemickens colemickens changed the title from WIP: Bump to 3.x of kubernetes-client & support `kubeconfig` from secretFile creds to Bump kubernetes-client to v3.1.10; Support `kubeconfig` from secretFile creds Mar 16, 2018

@colemickens

This comment has been minimized.

colemickens commented Mar 16, 2018

(Updating PR title and description, it's no longer a WIP.)

@carlossg

This comment has been minimized.

carlossg commented Mar 16, 2018

you would need to also add the option to

And add some tests

@carlossg carlossg changed the title from Bump kubernetes-client to v3.1.10; Support `kubeconfig` from secretFile creds to Support kubeconfig from secretFile credentials Mar 16, 2018

@colemickens

This comment has been minimized.

colemickens commented Mar 17, 2018

The change to doFillCredentialsIdItems is already in the commit though? Or else I don't know what else is needed? (it looks like there's two. I had added it to KubernetesCloud already. I've added it in KubectlBuildWrapper as well, now that kubeconfig works there too.)

What is KubectlBuildWrapper? How do I sanity test a change to it?

I'll work on tests.

@colemickens

This comment has been minimized.

colemickens commented Mar 17, 2018

Actually, I see what KubectlBuildWrapper is, it already works with kubeconfig so this is straightforward.

Any pointers on what test(s) you are looking for? The net change boils down to calling a single method from the client package and I don't see any existing auth-related tests.

@colemickens

This comment has been minimized.

colemickens commented Mar 17, 2018

With the latest commit, I have tested a declarative pipeline and a freestyle script with the kubectl wrapper. Both are working as expected.

String kubeconfigContents = reader.lines().collect(Collectors.joining("\n"));
Config config = Config.fromKubeconfig(kubeconfigContents);
builder = new ConfigBuilder(config);
reader.close();

This comment has been minimized.

@carlossg

carlossg Mar 19, 2018

the block should be in a try/catch/finally

BufferedReader reader = new BufferedReader(new InputStreamReader(configStream, StandardCharsets.UTF_8));
String kubeconfigContents = reader.lines().collect(Collectors.joining("\n"));
configFile.write(kubeconfigContents, null);
reader.close();

This comment has been minimized.

@carlossg

carlossg Mar 19, 2018

the block should be in a try/catch/finally

@colemickens

This comment has been minimized.

colemickens commented Mar 20, 2018

I fixed up both of those spots.

@carlossg carlossg changed the title from Support kubeconfig from secretFile credentials to [JENKINS-49817] Support kubeconfig from secretFile credentials Mar 20, 2018

Use try with resources
and reorder Config creation flow
@carlossg

This comment has been minimized.

carlossg commented Mar 20, 2018

I have switched to try with resources and simplify a bit the code.

@colemickens

This comment has been minimized.

colemickens commented Mar 20, 2018

Thanks @carlossg, I like the commit you made.

@carlossg carlossg merged commit d76e72d into jenkinsci:master Mar 20, 2018

2 checks passed

continuous-integration/jenkins/pr-head This commit looks good
Details
continuous-integration/jenkins/pr-merge This commit looks good
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment