Adds a fix to include CA data in generated kubeconfig #1226

Merged on Dec 27, 2019 (1 commit)

faiq (Contributor) commented Dec 26, 2019

What this PR does / why we need it:

Currently, when generating a KubeConfig within the test context that it is running in, Kudo is not reading the files for the CA. This comes into play if you have a component that is using the generated Kubeconfig to make calls to the Kubernetes API within your test. According to the docs, CA bundles are handled like so when accessing the k8s API using a service account:

If available, a certificate bundle is placed into the filesystem tree of each container at /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, and should be used to verify the serving certificate of the apiserver.

This patch simply reads that file and loads it into the kubeconfig that the rest of the tests use. Here is a spew dump of the TLSConfig from my patched fix:

2019/12/26 21:41:38 (rest.TLSClientConfig) rest.sanitizedTLSClientConfig{Insecure:false, ServerName:"", CertFile:"", KeyFile:"", CAFile:"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", CertData:[]uint8(nil), KeyData:[]uint8(nil), CAData:[]uint8(nil), NextProtos:[]string(nil)}

Please let me know how to proceed!

var CAData []byte
var err error
if len(cfg.TLSClientConfig.KeyData) != 0 {
CAData = cfg.TLSClientConfig.CAData
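
Review bot: the guard on the if line tests len(cfg.TLSClientConfig.KeyData), but the branch assigns cfg.TLSClientConfig.CAData, so the condition and the assignment refer to different fields. A config that carries inline CA data without client key data would skip this branch, and one with key data but no CA data would take it and assign an empty slice. The check should read len(cfg.TLSClientConfig.CAData) != 0, and the branches not visible here should be confirmed to cover the CAFile case.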
Contributor


Can we use the LoadTLSFiles method instead? https://godoc.org/k8s.io/client-go/rest#LoadTLSFiles

Contributor Author


done

Signed-off-by: faiq <faiqrazarizvi@gmail.com>
jbarrick-mesosphere (Member) left a comment


Thanks for this!

kensipe (Member) commented Dec 27, 2019

noice!

@kensipe kensipe merged commit fddf492 into kudobuilder:master Dec 27, 2019
ANeumann82 pushed a commit that referenced this pull request Feb 13, 2020
Signed-off-by: faiq <faiqrazarizvi@gmail.com>
Signed-off-by: Andreas Neumann <aneumann@mesosphere.com>