Support KUBERNETES_EXEC_INFO env var for exec provider configuration #1495

Closed
z0rc opened this issue Nov 16, 2021 · 5 comments
z0rc commented Nov 16, 2021

Description

For a long time aws eks get-token returned apiVersion: client.authentication.k8s.io/v1alpha1. There was an attempt to switch it to v1beta1, but it was hastily reverted, see aws/aws-cli#6289 and aws/aws-cli#6309.

Now aws-cli is going to approach this in a planned manner and make it configurable, see aws/aws-cli#6476. It's planned to honor the env var KUBERNETES_EXEC_INFO, which is documented here: https://kubernetes.io/docs/reference/access-authn-authz/_print/#input-and-output-formats

As the provider's exec configuration requires the api_version attribute, it will make it hard for module authors to support multiple aws-cli versions once it makes a switch.

Please make this provider support KUBERNETES_EXEC_INFO as a source of the api_version value, and potentially other attributes too.

Potential Terraform Configuration

The following snippet should work when KUBERNETES_EXEC_INFO is set and valid.

provider "kubernetes" {
  host                   = var.cluster_endpoint
  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
  exec {
    args    = ["eks", "get-token", "--cluster-name", var.cluster_name]
    command = "aws"
  }
}

References

cloudposse/terraform-aws-eks-cluster#131: here is the problem that module authors have to deal with.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@stevehipwell
Contributor

@z0rc I assume that the provider would work with KUBERNETES_EXEC_INFO passed to env and the same api set manually?

@z0rc
Author

z0rc commented May 5, 2022

@stevehipwell I didn't think through the overrides and/or priority order of configuration in this case. Hopefully this can be prioritized with kubectl 1.24 deprecating the v1alpha1 client auth version.

@z0rc
Author

z0rc commented May 6, 2022

@z0rc
Author

z0rc commented May 12, 2022

Reading more into this issue, my initial assumption about setting the env var was wrong.

KUBERNETES_EXEC_INFO is set by k8s.io/client-go when doing an exec call. I'm testing by setting api_version = client.authentication.k8s.io/v1beta1 and api_version = client.authentication.k8s.io/v1alpha1, and both settings work with aws-cli 2.6.3. So I assume nothing needs to be changed on the provider side, as aws-cli uses the api_version which is requested by the provider configuration.

@z0rc z0rc closed this as completed May 12, 2022
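
Added example, not part of the thread and not code from aws-cli, client-go or the provider: a sketch of how an exec credential plugin can take the apiVersion from the KUBERNETES_EXEC_INFO value that client-go passes in, echo it back in its ExecCredential, and refuse anything it does not support. The function names, the v1beta1 fallback, the 14-minute lifetime and the sample payload are assumptions made for illustration.

```python
import json
import os
from datetime import datetime, timedelta, timezone

GROUP = "client.authentication.k8s.io"
SUPPORTED = {f"{GROUP}/v1", f"{GROUP}/v1beta1", f"{GROUP}/v1alpha1"}
DEFAULT_API_VERSION = f"{GROUP}/v1beta1"  # assumed fallback when the env var is absent

# Constructed sample of what a caller might place in KUBERNETES_EXEC_INFO.
SAMPLE_EXEC_INFO = json.dumps({
    "kind": "ExecCredential",
    "apiVersion": f"{GROUP}/v1beta1",
    "spec": {"interactive": False},
})


def requested_api_version(environ):
    """Return the apiVersion requested through KUBERNETES_EXEC_INFO."""
    raw = environ.get("KUBERNETES_EXEC_INFO")
    if not raw:
        return DEFAULT_API_VERSION
    try:
        info = json.loads(raw)
    except ValueError as exc:
        raise ValueError("KUBERNETES_EXEC_INFO is not valid JSON") from exc
    if not isinstance(info, dict) or info.get("kind") != "ExecCredential":
        raise ValueError("KUBERNETES_EXEC_INFO is not an ExecCredential object")
    version = info.get("apiVersion")
    if version not in SUPPORTED:
        # Fail closed: never answer in a version the caller did not ask for.
        raise ValueError(f"unsupported apiVersion: {version!r}")
    return version


def build_exec_credential(token, environ, lifetime=timedelta(minutes=14)):
    """Build the ExecCredential response in the caller's requested version."""
    expiry = datetime.now(timezone.utc) + lifetime
    return {
        "kind": "ExecCredential",
        "apiVersion": requested_api_version(environ),
        "spec": {},
        "status": {
            "expirationTimestamp": expiry.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "token": token,
        },
    }


if __name__ == "__main__":
    print(json.dumps(build_exec_credential("constructed-token", os.environ)))
```
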
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2022