Relative paths are not handled properly in the kubeconfig (at least for certificate-authority).

[illume]

Description

Relative paths are not handled properly in the kubeconfig (at least for certificate-authority).

File and path references in a kubeconfig file are relative to the location of the kubeconfig file. File references on the command line are relative to the current working directory. In $HOME/.kube/config, relative paths are stored relatively, and absolute paths are stored absolutely. -- https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#file-references

@marians identified an issue at https://github.com/kinvolk/headlamp/issues/112#issuecomment-762953053

I identified another reason that caused headlamp to exit. In my kubeconfig I had cluster entries with relative path in certificate-authority. The path was relative from my ~/.kube directory. For kubectl that seems to work, but the headlamp backend exits with this error:

Headlamp Server API Routers: 2021/01/19 17:15:57 Failed to add certificate:open certs/gs-gollum/k8s-ca.crt: no such file or directory After I change this to an absolute path, the backend seems to come up.

Impact

Configuration is broken where people rely on the documented relative path behaviour.

Environment and steps to reproduce

echo "no" > ~/.kube/ca.crt

Add the line to ~/.kube/ca.crt

    certificate-authority: ca.crt

The error is:

2021/01/22 19:18:15 Failed to add certificate:open ca.crt: no such file or directory

Expected behavior

It should read the ca.crt file in the config folder.

[illume]

The issue seems to be here: headlamp/backend/cmd/cluster.go

func (c *Cluster) getCAData() []byte {
    if c.config.CertificateAuthority != "" {
        pemBytes, err := ioutil.ReadFile(c.config.CertificateAuthority)
        if err == nil {
            return pemBytes
        }

        log.Fatal("Failed to add certificate:", err)
    }

    if caData := c.config.CertificateAuthorityData; len(caData) > 0 {
        return caData
    }

    return nil
}