-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent use of .kubernetes_auth file format and code #2302
Comments
@ghodss @smarterclayton @derekwaynecarr I think you all might know something about this. |
Opinions:
|
I thought configuration information was going to be centralized and kubernetes_auth was being moved? |
@derekwaynecarr pointer to discussion or elaborate please. |
@erictune - sorry, see #1755 (comment) |
Okay, reading #1755 it seems like there are two use cases here:
There is a slight overlap because people might want to run kubectl in a pod from a bash script. But I think that can be addressed with a flag or subcommand to kubectl. So, what I think makes sense is to:
|
Makes sense
|
@erictune So you're proposing is that the file formats may be different, but ultimately even kubectl would use pkg/client/authfile to create a client? Or authfile is used for everything but kubectl, which is on its own? Either is fine with me, I would just want to keep the flexibility that kubectl would be allowed to keep all of its connection/auth information in a format best suited for it, e.g. in the format described in #1755 (comment). |
I agree with you that "kubectl would be allowed to keep all of its connection/auth information in a format best suited for it". But, it will need to have an option to import from the format defined by pkg/client/authfile. |
By import, I mean read file X, and either use just for current command, or save in kubectl's own file for later reuse. |
Sounds good. |
#2340 removes the duplicate format definitions and some duplicate code. Still need to standardize on flag and search path for the .kubernetes_auth file. |
And figure out what to do with client.BindClientConfigFlags. |
BindClientConfigFlags has flags that correspond to most of the fields of the authfile, plus |
As we've been centralizing our Openshift commands I've been moving things into this pattern: https://github.com/openshift/origin/blob/master/pkg/cmd/util/clientcmd/clientcmd.go So a client cli binds their flags the same way to get a client object against a master. I was considering moving it upstream once Brendan's standalone was done. Things left include making it respect an authfile and other concerns. Removing bind can follow that.
|
We should take env consistently in place of arguments - I opened spf13/cobra#33 to make that cleaner.
|
Several things do or will use a
.kubernetes_auth
file:They use different ways to specify its location:
auth-path
--auth_config
--auth
There are several routines for loading the file:
kubecfg.LoadAuthInfo
, which does prompting for user/pass if the file does not existkubectl.LoadAuthInfo
, which is identical to kubecfg code.There are several format definitions:
kubecfg.AuthInfo
kubectl.AuthInfo
which is identical to kubcfg'skubecfg.AuthInfo
indirectly.The Marshalled file contents then get copied from the kubec*.AuthInfo into the almost-but-not-quite same-named fields of
Config
inpkg/client
.Questions:
The text was updated successfully, but these errors were encountered: