python icon indicating copy to clipboard operation
python copied to clipboard
verified publisher icon kubernetes-client

Bug: in-cluster config is passing ssl_ca_cert file path instead of the content of the file

Open yk2274 opened this issue 2 years ago • 7 comments

This line is giving ssl_ca_cert the file path instead of the content of the file

https://github.com/kubernetes-client/python/blame/36cfbe68a509d9b9d33395b22b6fa94d7d46c30f/kubernetes/base/config/incluster_config.py#L85C4-L85C4

yk2274 avatar Nov 09 '23 05:11 yk2274

Yeah.. Is there a way to pass cert data instead of ca file path for config.ssl_ca_cert?

ggree1 avatar Nov 24 '23 06:11 ggree1

Agreed it seems to be a bug that the code is only passing the filename instead of reading the content. Would be good if we can have a test to catch the bug.

/help

roycaihw avatar Dec 18 '23 17:12 roycaihw

@roycaihw: This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to this:

Agreed it seems to be a bug that the code is only passing the filename instead of reading the content. Would be good if we can have a test to catch the bug.

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Dec 18 '23 17:12 k8s-ci-robot

This is still a bug, cannot use ansible k8s_info on a k3s node where the ~/.kube/config just contains client-certificate-data and certificate-authority-data

ddfreiling avatar Feb 01 '24 10:02 ddfreiling

I also need the solution on the same, we have the requirement to pick the CA certificates from the databases as we are managing thousands of kubernetes clusters and could not maintation CA or kubeconfig file individually for each.

abhi-dev91 avatar Feb 12 '24 10:02 abhi-dev91

@roycaihw I can help on this one. Want me to draft PR?

darshanip avatar Feb 18 '24 15:02 darshanip

When using kubectl the go library defaults to reading both settings, but the python client only reads the certificate-authority setting in the get_cluster_info.

I found test cases mentioning certificate-authority-data but its never tested.

Would the approach be similar to kubectl to add support for certificate-authority-data in this codebase?

fishstamp82 avatar Jun 20 '24 09:06 fishstamp82