kind create cluster creates same kubeconfig user name for each cluster #112

Closed
font opened this issue Nov 14, 2018 · 15 comments
Labels: kind/bug, kind/design, kind/feature, lifecycle/active, priority/important-longterm

@font

font commented Nov 14, 2018

When creating multiple clusters with kind create cluster --name <name> the kubeconfig for each cluster specifies the same user name of kubernetes-admin. This becomes a problem when trying to use multiple kubeconfigs in KUBECONFIG because the user name overlaps with each of the configs. For example:

$ export KUBECONFIG="$(kind get kubeconfig-path):$(kind get kubeconfig-path --name 2)"
$ kubectl --context=kubernetes-admin@kind-2 get all --all-namespaces
error: the server doesn't have a resource type "all"

Instead each auth user name should include the --name of the kind cluster when specified in the kind create cluster --name <name> command.

@BenTheElder
Member

/assign
/kind bug
/priority important-soon

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Nov 14, 2018
@BenTheElder
Member

this seems to be kubernetes/kubeadm#416, looking into options...

@BenTheElder
Member

I asked in #sig-cluster-lifecycle, so far I don't think there's an answer for this. Following up...

@BenTheElder BenTheElder added this to the 2019 goals milestone Feb 11, 2019
@BenTheElder BenTheElder added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Feb 11, 2019
@BenTheElder
Member

@neolit123 @fabriziopandini WDYT?
Afaict we'd have to provision our own user and matching kubeconfig.

@marckhouzam

I've hit this problem previously while using multiple k8s clusters. Turns out one can use the same username in all your clusters. What needs to be tweaked in the kubeconfig file is changing the name field of the user to something unique and adding the username field under users.user to be kubernetes-admin.

I'll try my hand at writing a PR for it.

@marckhouzam

Ah, I see that it is kubeadm that generates the kubeconfig file and may not allow what kind needs for this. I'll have a look at kubeadm some more. But modifying the kubeconfig file after it is generated would be an option.

@marckhouzam

Ok, I've got things working. Here is what the new kubeconfig file looks like for a cluster named mycluster in case people want to manually make the changes for themselves:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://localhost:58039
  name: mycluster
contexts:
- context:
    cluster: mycluster
    user: kubernetes-admin-mycluster
  name: kubernetes-admin@mycluster
current-context: kubernetes-admin@mycluster
kind: Config
preferences: {}
users:
- name: kubernetes-admin-mycluster
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    username: kubernetes-admin

I just need to get official approval from my employer to do the PR. Should be a couple of days.

marckhouzam added a commit to VilledeMontreal/kind that referenced this issue May 9, 2019
kubeadm does not currently allow to configure a user reference id,
and instead always uses kubernetes-admin.  This causes a problem
when we create multiple clusters with Kind and want to use
each corresponding kubeconfig file at the same time in KUBECONFIG.

Until kubeadm supports configuring a user reference id, the only
option to fix this for Kind is to modify the kubeconfig file that
kubeadm provides.  As Kind already did this with the server name,
it made sense to take the logic further and also make the user
reference id unique to a cluster.

Three approaches were considered:

1- continue with the current approach of parsing each line of
   the admin.conf kubeconfig file, and make the modifications
   necessary.  After implementing this approach, the solution
   seemed quite brittle as it uses regex but no yaml structure.

2- use the go package yaml.v2 to -fully- parse the yaml of the
   admin.conf kubeconfig file, make the modifications, and then
   output the new yaml kubeconfig file.  This solution requires
   to define a detailed struct of every field contained in the
   original yaml file. Having to map every field in advance is
   brittle as any modification that kubeadm may make to the file
   in the future would require adaptation in Kind.

3- use the go package yaml.v2 to -generically- parse the yaml of
   the admin.conf kubeconfig file, make the modifications, and then
   output the new yaml kubeconfig file.  This solution only
   accesses the yaml fields that are required to be modified.
   Although any future changes from kubeadm to those fields would
   require modifications in Kind, modifications to all other fields
   would not.

This commit implements solution #3 which was felt to be the most
future-proof and least brittle of the three.

Signed-off-by: Marc Khouzam <marc.khouzam@ville.montreal.qc.ca>
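
Added example (not code from kind or from the commit above): a Python model of the name collision reported at the top of this issue and of the commit's third approach, which rewrites only the user reference fields. The parsed kubeconfigs are plain dicts; the cluster names, server URLs and CERT-1/CERT-2 values are constructed, and `merge` models only kubectl's documented rule that the first file to define a map key wins.

```python
import copy

def kubeconfig(cluster, server, cert):
    """Constructed stand-in for a parsed admin.conf (all values are made up)."""
    return {
        "clusters": [{"name": cluster, "cluster": {"server": server}}],
        "contexts": [{"name": f"kubernetes-admin@{cluster}",
                      "context": {"cluster": cluster, "user": "kubernetes-admin"}}],
        "users": [{"name": "kubernetes-admin",
                   "user": {"client-certificate-data": cert}}],
    }

def merge(*configs):
    """Model of the KUBECONFIG merge: the first file to define a name wins."""
    merged = {"clusters": {}, "contexts": {}, "users": {}}
    for cfg in configs:
        for section, table in merged.items():
            for entry in cfg.get(section, []):
                table.setdefault(entry["name"], entry[section[:-1]])
    return merged

def credential_for(merged, context_name):
    """Client certificate that the given context resolves to after merging."""
    user = merged["contexts"][context_name]["user"]
    return merged["users"][user]["client-certificate-data"]

def colliding_users(*configs):
    """User names that appear in several files with different credentials."""
    seen, clashes = {}, set()
    for cfg in configs:
        for entry in cfg.get("users", []):
            if seen.setdefault(entry["name"], entry["user"]) != entry["user"]:
                clashes.add(entry["name"])
    return sorted(clashes)

def rename_user(cfg, cluster):
    """Rewrite only the user reference name and the contexts pointing at it."""
    out = copy.deepcopy(cfg)
    mapping = {}
    for entry in out["users"]:
        old, new = entry["name"], f'{entry["name"]}-{cluster}'
        mapping[old] = entry["name"] = new
    for entry in out["contexts"]:
        ctx = entry["context"]
        ctx["user"] = mapping.get(ctx["user"], ctx["user"])
    return out

if __name__ == "__main__":
    files = [kubeconfig(f"kind-{i}", f"https://localhost:600{i}", f"CERT-{i}") for i in (1, 2)]
    print(colliding_users(*files), credential_for(merge(*files), "kubernetes-admin@kind-2"))
```

With the unmodified files, the context for the second cluster resolves to the first cluster's client certificate; after `rename_user` each context resolves to its own credential.
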
@discreet

It seems that when I add username with accounts that use a token I get a multiple auth error:

eg:

users:
  - name: foo
    user:
      token: bar
      username: baz

But when I add username to users it seems to work until I change my context then it is removed from my kubeconfig.

eg:

users:
  - name: foo
    user:
      token: bar
    username: baz

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 20, 2019
@aojea
Contributor

aojea commented Aug 20, 2019

/remove-lifecycle stale
This pops up from time to time in the channel

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 20, 2019
@BenTheElder BenTheElder added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. kind/design Categorizes issue or PR as related to design. kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. and removed priority/backlog Higher priority than priority/awaiting-more-evidence. labels Aug 21, 2019
@BenTheElder
Member

see: #850, proposing to solve this along with other changes

@BenTheElder
Member

fixing in #850. kind clusters will have unique entries. have this part implemented pretty cleanly.

@BenTheElder
Member

/lifecycle active

@k8s-ci-robot k8s-ci-robot added lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. and removed lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. labels Oct 30, 2019
@aojea
Contributor

aojea commented Oct 31, 2019

/close
fixed by #1029
thanks for the great feedback

@k8s-ci-robot
Contributor

@aojea: Closing this issue.

In response to this:

/close
fixed by #1029
thanks for the great feedback

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

stg-0 pushed a commit to stg-0/kind that referenced this issue Jun 20, 2023
…licy

[EOS-11379] Support Kubernetes v1.25