vmware-tanzu / tanzu-cli

The Tanzu Core CLI project provides the core functionality of the Tanzu CLI. The CLI is based on a plugin architecture where CLI command functionality can be delivered through independently developed plugin binaries.
Apache License 2.0

Use internal Kubeconfig file instead of default kubeconfig to store kubecontext for TAP SaaS #747

Closed prkalle closed 4 months ago

prkalle commented 4 months ago

What this PR does / why we need it

This PR made changes to switch to using the internal kubeconfig file ($HOME/.config/tanzu/kube/config) instead of the default kubeconfig file to store the kubecontext for TAP SaaS.

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

Logged in to TAP and was able to verify that the kubecontext is created in the internal kubeconfig file (~/.kube-tanzu/config)

❯  alias tk='KUBECONFIG=~/.config/tanzu/kube/config kubectl'
❯ ./bin/tanzu login
[i] API token env var is set

[ok] Successfully logged into 'Tap-SaaS-Beta3' organization and created a tanzu context
[i] Fetching recommended plugins for active context 'Tap-SaaS-Beta3'...
[ok] No recommended plugins found.
❯ ./bin/tanzu context list
  NAME            ISACTIVE  TYPE             PROJECT  SPACE
  TAP_SAAS_PRD    false     tanzu
  Tap-SaaS-Beta3  true      tanzu
  mytmc-ctx       false     mission-control  n/a      n/a
  tkg-mgmt-vc     false     kubernetes       n/a      n/a
  tt-test-selfmg  true      mission-control  n/a      n/a

[i] Use '--wide' flag to view additional columns.
❯ tk config get-contexts
CURRENT   NAME                                CLUSTER                            AUTHINFO                        NAMESPACE
*         tanzu-cli-Tap-SaaS-Beta3            tanzu-cli-Tap-SaaS-Beta3/current   tanzu-cli-Tap-SaaS-Beta3-user
          tanzu-cli-tkg-mgmt-vc@tkg-mgmt-vc   tkg-mgmt-vc                        tanzu-cli-tkg-mgmt-vc
❯ tk api-resources
NAME                        SHORTNAMES   APIVERSION                         NAMESPACED   KIND
configmaps                               v1                                 true         ConfigMap
events                                   v1                                 true         Event
limitranges                              v1                                 true         LimitRange
resourceQuotas                           v1                                 true         ResourceQuota
secrets                                  v1                                 true         Secret
serviceaccounts                          v1                                 true         ServiceAccount
localsubjectaccessreviews                authorization.k8s.io/v1            true         LocalSubjectAccessReview
selfsubjectaccessreviews                 authorization.k8s.io/v1            false        SelfSubjectAccessReview
selfsubjectrulesreviews                  authorization.k8s.io/v1            false        SelfSubjectRulesReview
subjectaccessreviews                     authorization.k8s.io/v1            false        SubjectAccessReview
events                                   events.k8s.io/v1                   true         Event
clusterrolebindings                      rbac.authorization.k8s.io/v1       false        ClusterRoleBinding
clusterroles                             rbac.authorization.k8s.io/v1       false        ClusterRole
rolebindings                             rbac.authorization.k8s.io/v1       true         RoleBinding
roles                                    rbac.authorization.k8s.io/v1       true         Role
availabilitytargets         avt          spaces.tanzu.vmware.com/v1alpha1   true         AvailabilityTarget
managednamespaces           mn           spaces.tanzu.vmware.com/v1alpha1   true         ManagedNamespace
managednamespacesets        mns          spaces.tanzu.vmware.com/v1alpha1   true         ManagedNamespaceSet
profiles                    pr           spaces.tanzu.vmware.com/v1alpha1   true         Profile
spaces                      sp           spaces.tanzu.vmware.com/v1alpha1   true         Space
traits                      tr           spaces.tanzu.vmware.com/v1alpha1   true         Trait
projects                                 ucp.tanzu.vmware.com/v1            false        Project

Now changed the context to point to a space and verified that the kubecontext in the internal kubeconfig file is updated correctly to point to the space.

❯ ./bin/tanzu project use mfine
✓ Successfully set project to mfine
❯ ./bin/tanzu space use wfd2
✓ Successfully set space to wfd2
❯ tk api-resources
NAME                             SHORTNAMES     APIVERSION                                    NAMESPACED   KIND
configmaps                                      v1                                            true         ConfigMap
events                                          v1                                            true         Event
limitranges                                     v1                                            true         LimitRange
resourceQuotas                                  v1                                            true         ResourceQuota
secrets                                         v1                                            true         Secret
serviceaccounts                                 v1                                            true         ServiceAccount
containerapps                    capp           apps.tanzu.vmware.com/v1                      true         ContainerApp
localsubjectaccessreviews                       authorization.k8s.io/v1                       true         LocalSubjectAccessReview
selfsubjectaccessreviews                        authorization.k8s.io/v1                       false        SelfSubjectAccessReview
selfsubjectrulesreviews                         authorization.k8s.io/v1                       false        SelfSubjectRulesReview
subjectaccessreviews                            authorization.k8s.io/v1                       false        SubjectAccessReview
redisclusters                                   bitnami.caching.tanzu.vmware.com/v1alpha1     true         RedisCluster
mongodbinstances                                bitnami.database.tanzu.vmware.com/v1alpha1    true         MongoDBInstance
mysqlinstances                                  bitnami.database.tanzu.vmware.com/v1alpha1    true         MySQLInstance
postgresqlinstances                             bitnami.database.tanzu.vmware.com/v1alpha1    true         PostgreSQLInstance
kafkainstances                                  bitnami.messaging.tanzu.vmware.com/v1alpha1   true         KafkaInstance
rabbitmqclusters                                bitnami.messaging.tanzu.vmware.com/v1alpha1   true         RabbitmqCluster
certificates                     cert,certs     cert-manager.io/v1                            true         Certificate
issuers                                         cert-manager.io/v1                            true         Issuer
packages                         pkg            data.packaging.carvel.dev/v1alpha1            true         Package
events                                          events.k8s.io/v1                              true         Event
httproutes                                      gateway.networking.k8s.io/v1beta1             true         HTTPRoute
packageinstalls                  pkgi           packaging.carvel.dev/v1alpha1                 true         PackageInstall
packagerepositories              pkgr           packaging.carvel.dev/v1alpha1                 true         PackageRepository
clusterrolebindings                             rbac.authorization.k8s.io/v1                  false        ClusterRoleBinding
clusterroles                                    rbac.authorization.k8s.io/v1                  false        ClusterRole
rolebindings                                    rbac.authorization.k8s.io/v1                  true         RoleBinding
roles                                           rbac.authorization.k8s.io/v1                  true         Role
peerauthentications              pa             security.istio.io/v1beta1                     true         PeerAuthentication
preprovisionedservices                          services.tanzu.vmware.com/v1alpha1            true         PreProvisionedService
serviceinstancebindings                         services.tanzu.vmware.com/v1alpha1            true         ServiceInstanceBinding
observabilities                                 tanzu.vmware.com/v1                           true         Observability
springcloudgatewaymappings       scgm,scgms     tanzu.vmware.com/v1                           true         SpringCloudGatewayMapping
springcloudgatewayrouteconfigs   scgrc,scgrcs   tanzu.vmware.com/v1                           true         SpringCloudGatewayRouteConfig
springcloudgateways              scg,scgs       tanzu.vmware.com/v1                           true         SpringCloudGateway
syncresourcesets                 srs            ucp.tanzu.vmware.com/v1                       true         SyncResourceSet
❯ tk config get-contexts
CURRENT   NAME                                CLUSTER                            AUTHINFO                        NAMESPACE
*         tanzu-cli-Tap-SaaS-Beta3            tanzu-cli-Tap-SaaS-Beta3/current   tanzu-cli-Tap-SaaS-Beta3-user
          tanzu-cli-tkg-mgmt-vc@tkg-mgmt-vc   tkg-mgmt-vc                        tanzu-cli-tkg-mgmt-vc

Now, verify that deleting the CLI context would delete the kubecontext from the internal Kubeconfig file.

❯ ./bin/tanzu context delete Tap-SaaS-Beta3
Deleting the context entry from the config will remove it from the list of tracked contexts. You will need to use `tanzu context create` to re-create this context. Are you sure you want to continue? [y/N]: y
[i] Deleting kubeconfig context 'tanzu-cli-Tap-SaaS-Beta3' from the file '/Users/pkalle/.kube-tanzu/config'
[!] WARNING: this removed your active context, use "kubectl config use-context" to select a different one
[ok] Successfully deleted context "Tap-SaaS-Beta3"
❯ tk config get-contexts
CURRENT   NAME                                CLUSTER       AUTHINFO                NAMESPACE
          tanzu-cli-tkg-mgmt-vc@tkg-mgmt-vc   tkg-mgmt-vc   tanzu-cli-tkg-mgmt-vc
❯ export TANZU_CLI_SKIP_UPDATE_KUBECONFIG_ON_CONTEXT_USE=true

❯ tanzu context list
  NAME            ISACTIVE  TYPE             PROJECT  SPACE
  mytmc-ctx       false     mission-control  n/a      n/a
  tkg-mgmt-vc     false     kubernetes       n/a      n/a
  tt-test-selfmg  false     mission-control  n/a      n/a
  ucp             false     tanzu

[i] Use '--wide' flag to view additional columns.

❯ ./bin/tanzu login
[i] API token env var is set

[ok] Successfully logged into 'Tap-SaaS-Beta3' organization and created a tanzu context

// You can see that the context created (tanzu-cli-Tap-SaaS-Beta3) is not set to current
❯ tk config get-contexts
CURRENT   NAME                       CLUSTER                    AUTHINFO                        NAMESPACE
          tanzu-cli-Tap-SaaS-Beta3   tanzu-cli-Tap-SaaS-Beta3   tanzu-cli-Tap-SaaS-Beta3-user

// However, the user can use the `--context` flag in kubectl to use the context created in the internal kubeconfig file

❯ tk --context tanzu-cli-Tap-SaaS-Beta3 get projects
NAME                                   DISPLAYNAME
default
738fa35a-b37e-4165-8cd0-684b9c8e2314   msrinivasssa-prod-vald-01
e4a097e1-2a9b-46a1-aed7-c94894860105   vasanth
1a022e53-6dd9-475a-b13f-c7b434fdb867   mfine
....

// Similarly, even when the user points the context to a different resource in UCP, though the kubecontext is updated, the kubecontext is not set to active.
❯ ./bin/tanzu project use tanzu-platform-demo
✓ Successfully set project to tanzu-platform-demo

❯ tk config get-contexts
CURRENT   NAME                                           CLUSTER                                        AUTHINFO                        NAMESPACE
          tanzu-cli-Tap-SaaS-Beta3   tanzu-cli-Tap-SaaS-Beta3   tanzu-cli-Tap-SaaS-Beta3-user

❯ tk --context tanzu-cli-Tap-SaaS-Beta3
NAME                     AGE
spring-petclinic-space   45h
spring-music             30h
spring-metal-greg        24h
dekt-metal-1327          22h
stu-metal-3              22h
spring-metal-ai          8h
where-for-dinner         5h44m

Release note

Use internal Kubeconfig file ($HOME/.kube-tanzu/config) instead of default kubeconfig to store kubecontext for TAP SaaS

Additional information

Special notes for your reviewer

prkalle commented 4 months ago

nit: I would suggest describing under testing section the effect of setting/not setting TANZU_CLI_SKIP_UPDATE_KUBECONFIG_ON_CONTEXT_USE to the active context of the internal kubeconfig file.

Sure, will update the PR description