swiftkube / client

Swift client for Kubernetes
Apache License 2.0

KubernetesClient can't create x509 authentication from local kubeconfig's certificate data and key #1

Closed spprichard closed 3 years ago

spprichard commented 3 years ago

I am trying to use this package with a local Kind cluster

Initially I tried this

import SwiftkubeClient

let client = KubernetesClient()

let deployments = try client?.appsV1.deployments.list(in: .allNamespaces).wait()
deployments?.forEach { print($0) }

I expected to see each deployment printed out. However, there was no output to the console.

I then tried passing in a Logger:

import SwiftkubeClient
import Logging

let logger = Logger(label: "com.example.swift.k8s.demo")

let client = KubernetesClient(logger: logger)

let deployments = try client?.appsV1.deployments.list(in: .allNamespaces).wait()
deployments?.forEach { print($0) }

With this I get some output

2020-11-25T21:16:18-0600 warning com.example.swift.k8s.demo : Skipping service account kubeconfig because either KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT is not set

I then set those environment variables and get this output

2020-11-25T21:23:41-0600 warning com.example.swift.k8s.demo : Did not find service account token at /var/run/secrets/kubernetes.io/serviceaccount/token

I guess this is a long-winded way of saying, how can I get the KubernetesClient to use my local .kube/config? What am I doing wrong? Has anyone tried using Kind with this project? I think the only way for this to work is to have it run in a pod?

spprichard commented 3 years ago

Some follow-up on this...

I think I have narrowed down my issue to this line https://github.com/swiftkube/client/blob/main/Sources/SwiftkubeClient/Config/KubernetesClientConfig.swift#L74

As far as I can tell, when creating a K8sClient, it tries to use the LocalFileConfigLoader first, which appears to try to load the local /.kube/config

When looking at my local kube config, I see this for the active context's config.

- name: kind-kind
  user:
    client-certificate-data: <REDACTED>
    client-key-data: <REDACTED>

It appears to me that the LocalFileConfigLoader defaults to use basicAuth when the kube config does not have that information for the current context.

Not sure if this helps, but wanted to append this to the info above

iabudiab commented 3 years ago

@spprichard Hey there, thanks for the issue 👍

The function AuthInfo.authentication() tries all the possible authentication types (basic, token, cert) starting with basic-auth.

See here: https://github.com/swiftkube/client/blob/4d200b114333387d81fd505c686272b5cf5f2394/Sources/SwiftkubeClient/Config/KubernetesClientConfig.swift#L172

The bug is in one of the CodingKeys in the AuthInfo struct.

I'll push a fix in a couple of minutes. You can use the main branch for now instead of version 0.1.0
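
The failure mode discussed in this thread, as an added example that is not SwiftkubeClient's code and not part of the original comments: a Decodable user entry whose optional properties decode as nil without any error when a CodingKeys raw value does not match the kubeconfig key, followed by a basic, token, cert resolution order that then finds nothing. `UserEntry`, `Auth` and `resolve` are hypothetical names, and the sample is constructed JSON (standing in for the YAML kubeconfig so the block needs only Foundation) with placeholder base64 values.

```swift
import Foundation

// Hypothetical model of a kubeconfig `user` entry; not SwiftkubeClient's AuthInfo.
struct UserEntry: Decodable {
    let username: String?
    let password: String?
    let token: String?
    let clientCertificateData: String?
    let clientKeyData: String?

    enum CodingKeys: String, CodingKey {
        case username, password, token
        // Raw values must match the kubeconfig keys exactly. A mismatch on an
        // Optional property does not throw; the property just decodes as nil.
        case clientCertificateData = "client-certificate-data"
        case clientKeyData = "client-key-data"
    }
}

enum Auth {
    case basic(String, String)
    case bearer(String)
    case x509(cert: Data, key: Data)
}

// Try basic, then token, then client certificate, the order described in the thread.
func resolve(_ u: UserEntry) -> Auth? {
    if let n = u.username, let p = u.password { return .basic(n, p) }
    if let t = u.token { return .bearer(t) }
    if let c = u.clientCertificateData.flatMap({ Data(base64Encoded: $0) }),
       let k = u.clientKeyData.flatMap({ Data(base64Encoded: $0) }) {
        return .x509(cert: c, key: k)
    }
    return nil
}

// Constructed sample: same shape as the kind-kind user entry, placeholder values.
let sample = #"{"client-certificate-data":"Y2VydA==","client-key-data":"a2V5"}"#
let raw = Data(sample.utf8)
let user = try JSONDecoder().decode(UserEntry.self, from: raw)
let keys = (try JSONSerialization.jsonObject(with: raw) as? [String: Any] ?? [:]).keys

if let auth = resolve(user) {
    print("resolved:", auth)
} else {
    // Credentials were present in the file but nothing decoded: report the keys
    // that were seen instead of silently moving on to the next config loader.
    print("no usable auth; keys present in user entry:", keys.sorted())
}
```

Changing either raw value in `CodingKeys` by a single character makes the same input take the `else` branch, which is why the diagnostic prints the keys that were actually present.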