Open Dentrax opened 11 months ago
g3rzi
commented
11 months ago It should work, but even if not, it shouldn't throw panic.
I didn't test this binary in macOs, but I can check tomorrow, maybe I will be able to do it.
To troubleshoot I have a number of questions.
If you run the below command:
curl -k https://10.11.12.13:10250/metrics/cadvisor Do you receive any results?
Another question, If you run:
kubeletctl -s 10.11.12.13 healthzDoes it work?
Dentrax
commented
11 months ago I think you can't auth to kubelet from the local:
curl -s -k https://10.11.12.13:10250/metrics/cadvisor
UnauthorizedYou should pass the necessary certs: (on remote host)
curl -s -k https://localhost:10250/metrics/cadvisor --cert /etc/kubernetes/ssl/apiserver-kubelet-client.crt --key /etc/kubernetes/ssl/apiserver-kubelet-client.keyhealthz is working as expected:
kubeletctl -s 10.11.12.13 healthz
[*] Using KUBECONFIG environment variable
[*] You can ignore it by modifying the KUBECONFIG environment variable, file "~/.kube/config" or use the "-i" switch
okThank you for providing that information.
The healthz API worked for you so there is no problem with the compilation of the binary.
But there is some problem with the /metrics/cadvisor API.
In your example, you wrote the command like that:
kubeletctl -s 10.11.12.13 metrics cadvisorYou didn't specify any certificates so the result should also be Unauthorized when using kubeletctl.
We will test this API again and update it here.
g3rzi
commented
11 months ago Small update.
When I tested it I canceled the AuthN and AuthZ just for tests:
sed -i '/^authentication:$/,/^ webhook:$/ s/^\(\s*enabled:\s*\)false/\1true/' /var/lib/kubelet/config.yaml
sed -i '/^authorization:$/,/^ webhook:$/ s/^\(\s*mode:\s*\)Webhook/\1AlwaysAllow/' /var/lib/kubelet/config.yamlTo restore:
sed -i '/^authentication:$/,/^ webhook:$/ s/^\(\s*enabled:\s*\)true/\1false/' /var/lib/kubelet/config.yaml
sed -i '/^authorization:$/,/^ webhook:$/ s/^\(\s*mode:\s*\)AlwaysAllow/\1Webhook/' /var/lib/kubelet/config.yamlIn my case, on Ubuntu 22.04 LTS the command worked:
./build/kubeletctl_linux_amd64 -i metrics cadvisorI received all the information.
The question is if the problem is because of using it on macOs or your metrics\cadvisor data cause it.
We will keep investigating.
I will check if I can run it on macOs and test it.
g3rzi
commented
11 months ago @Dentrax
I was able to reproduce it in MacOs Intel.
What CPU you have? Intel\M1\M2 ? You can run the commands:
sysctl -n machdep.cpu.brand_string
uname -aI want to know if it happens on M1 or M2.
My next plan is to debug it on macOs.
Dentrax
commented
6 months ago Hey, sorry missed your comment. @g3rzi
Apple M1 Max
Darwin REDACTED 22.6.0 Darwin Kernel Version 22.6.0: Fri Sep 15 13:41:28 PDT 2023; root:xnu-8796.141.3.700.8~1/RELEASE_ARM64_T6000 arm64Can you try to build the code with darwin/arm64 (following @Rajchowdhury420 PR #38) and then test it?
Rajchowdhury420
commented
2 months ago only with darwin/arm64 works fine.
Summary
Provide brief overview and context for the discovered bug.
Steps to Reproduce
curl -LO https://github.com/cyberark/kubeletctl/releases/download/v1.11/kubeletctl_darwin_amd64 && chmod a+x ./kubeletctl_darwin_amd64 && mv ./kubeletctl_darwin_amd64 /usr/local/bin/kubeletctlkubeletctl -s 10.11.12.13 metrics cadvisorExpected Results
It should work?
Actual Results
Throws panic.
Reproducible
Version/Tag number
1.11
K8s: v1.23.7
Environment setup
macOS
Additional Information
Add any other context about the problem here.