search

IBM-Cloud / bluemix-go

Go library for accessing the Bluemix API
Apache License 2.0
37 stars 86 forks source link

`GetClusterConfig` API failing for Private ROKS clusters #408

Open vinayakshnd opened 8 months ago

vinayakshnd commented 8 months ago

In order to fetch kubeconfig for private ROKS cluster v4.13.15_1543 using below API https://github.com/IBM-Cloud/bluemix-go/blob/5c31bb9104f76d6bb96ab6667a521c98f8873d31/api/container/containerv1/clusters.go#L398

I am seeing below error:

Panic error runtime error: slice bounds out of range [8:0]goroutine 1 [running]:
runtime/debug.Stack()
        /usr/local/go/src/runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
        /usr/local/go/src/runtime/debug/stack.go:16 +0x19
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.PanicCatch({0x7557c0?, 0xc0001e2300?})
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/bluemix-go@v0.0.0-20231026045515-5c31bb9104f7/api/container/containerv1/openshift.go:88 +0x1ac
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).FetchOCTokenForKubeConfig.func1()
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/bluemix-go@v0.0.0-20231026045515-5c31bb9104f7/api/container/containerv1/openshift.go:109 +0x30
panic({0x7557c0, 0xc0001e2300})
        /usr/local/go/src/runtime/panic.go:884 +0x212
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).FetchOCTokenForKubeConfig(0xc0001ba080, {0xc00013e000, 0x215, 0x216}, 0xc00037b138, 0x0)
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/bluemix-go@v0.0.0-20231026045515-5c31bb9104f7/api/container/containerv1/openshift.go:157 +0xf5b
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).GetClusterConfig(0xc0001ba080, {0x7ffff54012c1, 0xd}, {0x7ffff54012d5, 0x8}, 0x1, {{0x0, 0x0}, {0x0, 0x0}, ...})
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/bluemix-go@v0.0.0-20231026045515-5c31bb9104f7/api/container/containerv1/clusters.go:469 +0xc98
main.main()
        /root/go/src/github.com/vinayakshnd/ibm/ibm-kubeconfig.go:144 +0x9ea
2023/11/07 10:04:32 Could not login to openshift account runtime error: slice bounds out of range [8:0]
exit status 1

Notes:

  1. My code is using fairly recent version of the SDK i.e. bluemix-go@v0.0.0-20231026045515-5c31bb9104f7
  2. This issue is only seen for ROKS private clusters and not for ROKS public clusters (clusters with both private and public endpoints)
  3. Running this API from machine which has access to private ROKS cluster (deployed in same subnet) also faces this same issue.
hkantare commented 8 months ago

@mihivagyok Can you comment on this

mihivagyok commented 8 months ago

Hi @vinayakshnd !

What is the value of the cMeta *ClusterInfo in your case? But maybe you cannot do that.

So can you try the example code? https://github.com/IBM-Cloud/bluemix-go/tree/5c31bb9104f76d6bb96ab6667a521c98f8873d31/examples/container/download_config

I believe you cannot get some clusterData and that's why some parameters are empty in your case.

Thanks! Adam

mihivagyok commented 8 months ago

Or please use the GetClusterConfigDetail function instead. I think that is the proper function. Thanks!

mihivagyok commented 8 months ago

@vinayakshnd

So the code you are using is not updated in past years. Also, the ROKS 4.13 has changed: it uses VPE Gateway as MasterURL, so the code tries to connect to that. Unfortunately, the code does not check for error, and that's why it is panic. But the main problem is the access problem: you cannot access the VPE Gateway from your client. https://cloud.ibm.com/docs/openshift?topic=openshift-cs_versions_413#413_before

My advise is to use the containersv2/GetClusterConfigDetail function and set the endpoint parameter to private. That will solve the issue for you.

I can add some error handling, but it won't solve your issue.

Thanks! Adam

mihivagyok commented 8 months ago

https://github.com/IBM-Cloud/bluemix-go/pull/409

With this, you would get something like this:

2023/11/07 18:12:38 Get "https://ckk2620l0jks2kmn46bg.vpe.private.eu-gb.containers.cloud.ibm.com:30766/.well-known/oauth-authorization-server": dial tcp: lookup ckk2620l0jks2kmn46bg.vpe.private.eu-gb.containers.cloud.ibm.com: no such host
exit status 1

More detail on endpoint parameter: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/container_cluster_config

Thanks!

mihivagyok commented 8 months ago

@vinayakshnd Hi! Do you have any update? Does my proposed change work for you?

Thanks, Adam