serverless / serverless-kubeless

This plugin enables support for Kubeless within the Serverless Framework.
Apache License 2.0

deploy fails with "Unauthorized" error, probably due to RBAC. #74

Closed bleggett closed 7 years ago

bleggett commented 7 years ago

Running serverless deploy in any project folder results in the following:

Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Skipping deployment of chained_seq since it doesn't have a handler
Unable to find required information for authenticating against the cluster
Unable to find required information for authenticating against the cluster
Unable to find required information for authenticating against the cluster
Unable to find required information for authenticating against the cluster
Unable to find required information for authenticating against the cluster
Unable to find required information for authenticating against the cluster
undefined:1
Unauthorized
^

SyntaxError: Unexpected token U in JSON at position 0
    at JSON.parse (<anonymous>)
    at Request.request.get.on.on.on (/Users/****/Source/serverless-kubeless/examples/node-chaining-functions/node_modules/serverless-kubeless/lib/functions.js:47:27)

I'm running on a cluster with RBAC, and am using the RBAC-enabled version of Kubeless, so I expect that's what's causing this.

sebgoa commented 7 years ago

Hi @bleggett, can you tell us which version of Kubeless, running on which version of Kubernetes, and which serverless-kubeless version you are using?

andresmgot commented 7 years ago

"Unable to find required information for authenticating against the cluster" means that there is not enough information in the local Kubernetes configuration to connect to the cluster. Can you access your cluster using kubectl?

bleggett commented 7 years ago

Kubernetes: 1.7.5 (installed on AWS via Tectonic)
Kubeless: 0.2.3
Serverless: 1.23.0
Serverless-Kubeless: 0.2.1 (latest git)

Kubectl works fine, been deploying YAMLs and helm charts with no problems.

andresmgot commented 7 years ago

There are three possibilities for authenticating against a cluster:

It seems that the plugin failed to retrieve all of the above options so it cannot connect to the cluster. Do you mind sending the output of the command kubectl config view (without sending sensitive data)? We may be missing a valid configuration setup.

bleggett commented 7 years ago

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://ben-tectonic-api.test.example.com:443
  name: ben-tectonic
contexts:
- context:
    cluster: ben-tectonic
    user: tectonic-oidc
  name: tectonic
current-context: tectonic
kind: Config
preferences: {}
users:
- name: tectonic-oidc
  user:
    auth-provider:
      config:
        client-id: tectonic-kubectl
        client-secret: XXXXXXXXXXXXXXXXX
        extra-scopes: groups
        id-token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        idp-certificate-authority-data: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        idp-issuer-url: https://ben-tectonic.test.example.com/identity
        refresh-token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      name: oidc

andresmgot commented 7 years ago

I see, we don't have support for OIDC authentication yet. Regarding the documentation, the id-token should be enough to authenticate the user. To double check, can you execute the following?

curl https://ben-tectonic-api.test.example.com:443/api --header "Authorization: Bearer XXXXXXXXXX" --insecure

substituting XXXXXXXXXX for your id-token. It should return:

{
  "versions": [
    "v1"
  ]
}

If that is correct, we can add support for that kind of token.
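
Added example, not part of the thread and not the plugin's code: a sketch of resolving a bearer token from a parsed kubeconfig, falling back to the OIDC `auth-provider` `id-token` discussed above, verifying the API server with the cluster CA instead of `--insecure`, and rejecting a non-2xx body such as `Unauthorized` before `JSON.parse`. The helper names `buildRequestOptions` and `parseApiResponse`, the option names `url`, `headers` and `ca`, and the placeholder values are assumptions.

```javascript
// Constructed sample: the kubeconfig from this thread as a parsed object,
// with placeholder values where the original was redacted.
const sampleKubeconfig = {
  'current-context': 'tectonic',
  clusters: [{ name: 'ben-tectonic', cluster: {
    server: 'https://ben-tectonic-api.test.example.com:443',
    'certificate-authority-data': Buffer.from('PLACEHOLDER-CA-PEM').toString('base64'),
  } }],
  contexts: [{ name: 'tectonic', context: { cluster: 'ben-tectonic', user: 'tectonic-oidc' } }],
  users: [{ name: 'tectonic-oidc', user: { 'auth-provider': {
    name: 'oidc', config: { 'id-token': 'PLACEHOLDER.ID.TOKEN' },
  } } }],
};

const byName = (list, name) => (list || []).find((e) => e.name === name);

// Hypothetical helper: build request options for the current context.
function buildRequestOptions(kubeconfig) {
  const ctx = byName(kubeconfig.contexts, kubeconfig['current-context']);
  if (!ctx) throw new Error('current-context not found in kubeconfig');
  const clusterEntry = byName(kubeconfig.clusters, ctx.context.cluster);
  if (!clusterEntry) throw new Error('cluster not found: ' + ctx.context.cluster);
  const cluster = clusterEntry.cluster;
  const user = (byName(kubeconfig.users, ctx.context.user) || {}).user || {};
  const provider = user['auth-provider'] || {};
  // A static token wins; otherwise fall back to the OIDC id-token.
  const token = user.token
    || (provider.name === 'oidc' && provider.config && provider.config['id-token']);
  if (!token) throw new Error('no bearer token found for user ' + ctx.context.user);
  const opts = { url: cluster.server, headers: { Authorization: 'Bearer ' + token } };
  // Verify the API server against the cluster CA instead of disabling TLS checks.
  if (cluster['certificate-authority-data']) {
    opts.ca = Buffer.from(cluster['certificate-authority-data'], 'base64');
  }
  return opts;
}

// Hypothetical helper: only parse JSON when the API server answered 2xx, so a
// plain-text "Unauthorized" body becomes a readable error, not a SyntaxError.
function parseApiResponse(statusCode, body) {
  if (statusCode < 200 || statusCode >= 300) {
    throw new Error('API request failed (' + statusCode + '): ' + String(body).trim());
  }
  return JSON.parse(body);
}
```

An id-token is short-lived, so a kubeconfig whose token has expired still produces a 401 here; the error from `parseApiResponse` then carries the server's own message.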

bleggett commented 7 years ago

Yep, that returned:

{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "XX.XXX.XX.56"
    }
  ]
}

andresmgot commented 7 years ago

@bleggett I merged a patch, can you check if it works for you? To test it, execute:

cd /path/to/your/function/node_modules/
rm -rf serverless-kubeless
git clone https://github.com/serverless/serverless-kubeless
cd serverless-kubeless
npm install
cd ../../
sls deploy

I will release a new version once we can confirm that the patch works.

bleggett commented 7 years ago

LGTM. Thanks guys!

andresmgot commented 7 years ago

We just released version v0.2.2, which includes the fix. Thanks for reporting!